Vendor Status Note JVNCIAC-R-109

Novell NetMail に複数のバッファオーバーフローの脆弱性

概要

Novell NetMail には、複数のバッファオーバーフローの脆弱性があります。

影響を受けるシステム

 - Novell NetMail 3.52

想定される影響

遠隔の第三者が任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりする可能性があります。

ベンダ情報

ベンダリンク更新日
NOVELLSecurity Vulnerabilities: Buffer Overrun in NetMail 3.52
Security Vulnerabilities: NetMail Buffer Overrun and Denial of Service
参考情報

  1. US-CERT Vulnerability Note VU#912505
    Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
  2. US-CERT Vulnerability Note VU#863313
    Novell NetMail IMAP vulnerable to buffer overflow when processing "SUBSCRIBE" commands
  3. US-CERT Vulnerability Note VU#944273
    Novell NetMail IMAP vulnerable to DoS when processing "APPEND" commands
  4. US-CERT Vulnerability Note VU#258753
    Novell NetMail IMAP server vulnerable to buffer overflow when processing "APPEND" commands
  5. US-CERT Vulnerability Note VU#381161
    Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
  6. ISS X-Force Database: netmail-subscribe-bo(31079)
    Novell NetMail IMAP SUBSCRIBE buffer overflow
  7. ISS X-Force Database: netmail-append-dos(31067)
    Novell NetMail APPEND command denial of service
  8. ISS X-Force Database: netmail-append-bo(31066)
    Novell NetMail APPEND command buffer overflow

JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2007-0301 ( 2007-01-24 )
CIAC BulletinR-109 Security Vulnerabilities: Buffer Overrun in NetMail 3.52 ( 2007-01-18 )
CVE2006-6424 [CVE+] VU#912505,VU#381161
2006-6761 [CVE+] VU#863313,XF31079
2006-6762 [CVE+] VU#944273,XF31067
2006-6425 [CVE+] VU#258753,XF31066
PGP署名JVNCIAC-R-109.html.sig

登録日1:04 2007/01/28
更新日1:04 2007/01/28

Copyright(C) 2002-2009 Keio Univ. All rights reserved.