CVE-2006-6425: Buffer Overflow
First published: Wed Dec 27 2006(Updated: )
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell NetMail | =3.1 | |
| Novell NetMail | =3.10-f | |
| Novell NetMail | =3.0.1 | |
| Novell NetMail | =3.10-g | |
| Novell NetMail | =3.10-e | |
| Novell NetMail | <=3.5.2 | |
| Novell NetMail | =3.10-h | |
| Novell NetMail | =3.10-b | |
| Novell NetMail | =3.0.3a-a | |
| Novell NetMail | =3.0.3a-b | |
| Novell NetMail | =3.1-f | |
| Novell NetMail | =3.10 | |
| Novell NetMail | =3.10-c | |
| Novell NetMail | =3.10-a | |
| Novell NetMail | =3.5 | |
| Novell NetMail | =3.10-d | |
| <=3.5.2 | ||
| =3.0.1 | ||
| =3.0.3a-a | ||
| =3.0.3a-b | ||
| =3.1 | ||
| =3.1-f | ||
| =3.5 | ||
| =3.10 | ||
| =3.10-a | ||
| =3.10-b | ||
| =3.10-c | ||
| =3.10-d | ||
| =3.10-e | ||
| =3.10-f | ||
| =3.10-g | ||
| =3.10-h |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-06-054.html
- https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html
- http://securitytracker.com/id?1017437
- http://secunia.com/advisories/23437
- http://www.kb.cert.org/vuls/id/258753
- http://www.securityfocus.com/bid/21723
- http://securityreason.com/securityalert/2080
- http://www.vupen.com/english/advisories/2006/5134
- http://www.securityfocus.com/archive/1/455200/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-6425?
CVE-2006-6425 is rated as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2006-6425?
To fix CVE-2006-6425, upgrade Novell NetMail to version 3.52e FTF2 or later.
What causes CVE-2006-6425?
CVE-2006-6425 is caused by a stack-based buffer overflow in the IMAP daemon of Novell NetMail.
Who is affected by CVE-2006-6425?
Remote authenticated users of Novell NetMail versions prior to 3.52e FTF2 are affected by CVE-2006-6425.
What actions can be taken to mitigate CVE-2006-6425?
In addition to upgrading, restricting access to the IMAP daemon can help mitigate the risk associated with CVE-2006-6425.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- collector/nvd-historical
- vendor/novell
- product/netmail
- canonical/novell netmail
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- version/novell netmail/3.1
- version/novell netmail/3.10-f
- version/novell netmail/3.0.1
- version/novell netmail/3.10-g
- version/novell netmail/3.10-e
- version/novell netmail/3.5.2
- version/novell netmail/3.10-h
- version/novell netmail/3.10-b
- version/novell netmail/3.0.3a-a
- version/novell netmail/3.0.3a-b
- version/novell netmail/3.1-f
- version/novell netmail/3.10
- version/novell netmail/3.10-c
- version/novell netmail/3.10-a
- version/novell netmail/3.5
- version/novell netmail/3.10-d