Intrusion Prevention

Novell.NetMail.WebAdmin.Username.Buffer.Overflow

Description

There is a stack-based buffer overflow vulnerability in the Novell NetMail WebAdmin service, caused by a boundary check error when performing HTTP Basic authentication. An attacker can exploit it by sending a specially crafted HTTP Basic authentication username to the 'webadmin.exe' process, and can then execute arbitrary code on the target system.
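A detection-side sketch of the condition described above, added here as an example and not taken from the vendor or from any signature: it decodes the HTTP Basic credentials in a request and flags a username longer than a policy limit. The 64-byte limit, the function names and the host `mail.example` are assumptions; the advisory does not state the size of the affected buffer.

```python
import base64
import binascii

# Assumed policy limit; the advisory does not give the vulnerable buffer size.
MAX_USERNAME_BYTES = 64

def basic_auth_username(header_value):
    """Return the username bytes from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    # RFC 7617: the user-id is everything before the first colon.
    username, _, _ = decoded.partition(b":")
    return username

def inspect_request(raw_request, limit=MAX_USERNAME_BYTES):
    """Classify one raw HTTP request: 'ok', 'malformed' or 'oversized-username'."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            if not value.strip().lower().startswith("basic"):
                continue  # other authentication schemes are out of scope
            username = basic_auth_username(value)
            if username is None:
                return "malformed"
            if len(username) > limit:
                return "oversized-username"
    return "ok"

def _request(credentials):
    """Build a constructed sample request carrying the given user:password bytes."""
    token = base64.b64encode(credentials)
    return (b"GET / HTTP/1.1\r\nHost: mail.example\r\n"
            b"Authorization: Basic " + token + b"\r\n\r\n")

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": _request(b"admin:secret"),
    "long": _request(b"u" * 500 + b":x"),
    "bad-base64": b"GET / HTTP/1.1\r\nAuthorization: Basic !!!!\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, "->", inspect_request(req))
```

The length is measured on the decoded username, since the Base64 text on the wire is about a third longer than the bytes the server ends up copying.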

Affected Products

Novell NetMail 3.52 D
Novell NetMail 3.52 C1
Novell NetMail 3.52 C
Novell NetMail 3.52 B
Novell NetMail 3.52 A
Novell NetMail 3.52
Novell NetMail 3.52e-ftfl

Impact

System compromise, arbitrary code execution.

Recommended Actions

The vendor has released version 3.52E to address this issue. Upgrade to that version.

CVE References

CVE-2007-1350