CVE-2006-6425

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html	Patch Vendor Advisory
https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html	Patch
http://securitytracker.com/id?1017437	Patch
http://secunia.com/advisories/23437	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/258753	US Government Resource
http://www.securityfocus.com/bid/21723
http://securityreason.com/securityalert/2080
http://www.vupen.com/english/advisories/2006/5134
http://www.securityfocus.com/archive/1/455200/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:netmail:3.1:f::::::
	cpe:2.3:a:novell:netmail:3.10:::::::*
	cpe:2.3:a:novell:netmail:3.10:g::::::
	cpe:2.3:a:novell:netmail:3.10:h::::::
	cpe:2.3:a:novell:netmail:3.0.3a:b::::::
	cpe:2.3:a:novell:netmail:3.1:::::::*
	cpe:2.3:a:novell:netmail:3.10:e::::::
	cpe:2.3:a:novell:netmail:3.10:f::::::
	cpe:2.3:a:novell:netmail:3.0.1:::::::*
	cpe:2.3:a:novell:netmail:3.0.3a:a::::::
	cpe:2.3:a:novell:netmail:3.10:c::::::
	cpe:2.3:a:novell:netmail::e-ftfl::::::*
	cpe:2.3:a:novell:netmail:3.10:b::::::
	cpe:2.3:a:novell:netmail:3.10:a::::::
	cpe:2.3:a:novell:netmail:3.5:::::::*
	cpe:2.3:a:novell:netmail:3.10:d::::::

Information

Published : 2006-12-26 17:28

Updated : 2018-10-17 14:48

NVD link : CVE-2006-6425

Mitre link : CVE-2006-6425

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

novell

netmail

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html", "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html", "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1017437", "name": "1017437", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/23437", "name": "23437", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/258753", "name": "VU#258753", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/21723", "name": "21723", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/2080", "name": "2080", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/5134", "name": "ADV-2006-5134", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/455200/100/0/threaded", "name": "20061223 ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6425", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-12-27T01:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:*:e-ftfl:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.5.2"}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:48Z"}