Description: Some vulnerabilities have been reported in Novell NetMail, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system and by malicious people to compromise a vulnerable system.
1) A boundary error within the NMAP (Network Messaging Application Protocol) service when handling STOR commands can be exploited to cause a buffer overflow by passing an overly long argument to the command.
Successful exploitation requires a valid user account.
2) A boundary error in the IMAP service when handling the SUBSCRIBE command can be exploited to cause a stack-based buffer overflow by passing an overly long string as the argument.
Successful exploitation requires a valid user account.
3) An unspecified error in the IMAP service when handling the APPEND command can be exploited to cause a DoS.
Successful exploitation requires a valid user account.
4) An input validation error in the IMAP service when processing command continuation requests can be exploited to cause a heap-based buffer overflow.
5) A boundary error in the IMAP service when handling the APPEND command can be exploited to cause a stack-based buffer overflow by passing a specially crafted, overly long argument to the command.
Successful exploitation requires a valid user account.
The vulnerabilities are reported in version 3.5.2. Other versions may also be affected.
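For the IMAP items above (2, 4 and 5), a length check that a proxy or sensor in front of the service could apply to client command lines, shown as an added example that is not part of the advisory or of Novell's code. The limits, function names and sample lines are assumptions constructed for illustration; the advisory states no lengths and does not describe the continuation-request flaw, so bounding the announced literal size is a general hardening measure rather than a known fix.

```python
import re

# Limits are assumptions for illustration; the advisory gives no lengths.
MAX_ARG_LEN = 256                    # longest argument accepted for watched commands
MAX_LITERAL = 10 * 1024 * 1024       # largest literal a client may announce
WATCHED = {"SUBSCRIBE", "APPEND"}    # IMAP commands named in the advisory

# Literal announcement closing a command line: {123} or non-synchronizing {123+}
LITERAL_RE = re.compile(rb"\{(\d+)\+?\}$")

def inspect_line(line: bytes) -> list[str]:
    """Check one client command line (not literal data) and return findings."""
    findings = []
    parts = line.rstrip(b"\r\n").split(b" ", 2)
    if len(parts) < 2:
        return findings
    command = parts[1].decode("ascii", "replace").upper()
    args = parts[2] if len(parts) == 3 else b""
    m = LITERAL_RE.search(args)
    if m:
        digits = m.group(1)
        # Compare digit count first so an absurdly long number is never parsed.
        if len(digits) > 9 or int(digits) > MAX_LITERAL:
            findings.append(f"{command}: announced literal size over {MAX_LITERAL} bytes")
        args = args[:m.start()]
    if command in WATCHED and len(args) > MAX_ARG_LEN:
        findings.append(f"{command}: {len(args)}-byte argument over {MAX_ARG_LEN} bytes")
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for a sequence of command lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in inspect_line(line)]

# Constructed sample session lines, not captured traffic.
SAMPLE = [
    b"a1 SUBSCRIBE INBOX.lists\r\n",
    b"a2 SUBSCRIBE " + b"A" * 1000 + b"\r\n",
    b"a3 APPEND INBOX (\\Seen) {310}\r\n",
    b"a4 APPEND INBOX {4294967295}\r\n",
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(f"line {lineno}: {finding}")
```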
Provided and/or discovered by: 1-3) Dennis Rand
4-5) Discovered by an anonymous person and reported via ZDI.
Changelog: 2006-12-26: Added additional information from iDefense Labs.
2006-12-27: Added CVE reference.
2007-01-18: Added links to US-CERT. Added link to ZDI.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.