9

CVE-2006-6424

Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellNetmail Updatee-ftfl Version <= 3.5.2
NovellNetmail Version3.0.1
NovellNetmail Version3.0.3a Updatea
NovellNetmail Version3.0.3a Updateb
NovellNetmail Version3.1
NovellNetmail Version3.1 Updatef
NovellNetmail Version3.5
NovellNetmail Version3.10
NovellNetmail Version3.10 Updatea
NovellNetmail Version3.10 Updateb
NovellNetmail Version3.10 Updatec
NovellNetmail Version3.10 Updated
NovellNetmail Version3.10 Updatee
NovellNetmail Version3.10 Updatef
NovellNetmail Version3.10 Updateg
NovellNetmail Version3.10 Updateh
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 57.91% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html
Patch
http://secunia.com/advisories/23437
Patch
Vendor Advisory
http://securityreason.com/securityalert/2081
http://securitytracker.com/id?1017437
Patch
http://www.cirt.dk/advisories/cirt-48-advisory.txt
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/381161
US Government Resource
http://www.kb.cert.org/vuls/id/912505
US Government Resource
http://www.securityfocus.com/archive/1/455201/100/0/threaded
http://www.securityfocus.com/archive/1/455202/100/0/threaded
http://www.securityfocus.com/bid/21724
http://www.securityfocus.com/bid/21725
http://www.vupen.com/english/advisories/2006/5134
http://www.zerodayinitiative.com/advisories/ZDI-06-052.html
Patch
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-053.html
Patch
Vendor Advisory