CVE - CVE-2006-6424

CVE-ID
CVE-2006-6424	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21724 URL:http://www.securityfocus.com/bid/21724 BID:21725 URL:http://www.securityfocus.com/bid/21725 BUGTRAQ:20061223 ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/455201/100/0/threaded BUGTRAQ:20061223 ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/455202/100/0/threaded CERT-VN:VU#381161 URL:http://www.kb.cert.org/vuls/id/381161 CERT-VN:VU#912505 URL:http://www.kb.cert.org/vuls/id/912505 CONFIRM:https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html MISC:http://www.cirt.dk/advisories/cirt-48-advisory.txt MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-052.html MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-053.html SECTRACK:1017437 URL:http://securitytracker.com/id?1017437 SECUNIA:23437 URL:http://secunia.com/advisories/23437 SREASON:2081 URL:http://securityreason.com/securityalert/2081 VUPEN:ADV-2006-5134 URL:~~http://www.vupen.com/english/advisories/2006/5134~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20061209	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061209)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)