CVE-2006-6425

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/23437	Patch Vendor Advisory
http://securityreason.com/securityalert/2080
http://securitytracker.com/id?1017437	Patch
http://www.kb.cert.org/vuls/id/258753	US Government Resource
http://www.securityfocus.com/archive/1/455200/100/0/threaded
http://www.securityfocus.com/bid/21723
http://www.vupen.com/english/advisories/2006/5134
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html	Patch Vendor Advisory
https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:netmail::e-ftfl::::::*
	cpe:2.3:a:novell:netmail:3.0.1:::::::*
	cpe:2.3:a:novell:netmail:3.0.3a:a::::::
	cpe:2.3:a:novell:netmail:3.0.3a:b::::::
	cpe:2.3:a:novell:netmail:3.1:::::::*
	cpe:2.3:a:novell:netmail:3.1:f::::::
	cpe:2.3:a:novell:netmail:3.5:::::::*
	cpe:2.3:a:novell:netmail:3.10:::::::*
	cpe:2.3:a:novell:netmail:3.10:a::::::
	cpe:2.3:a:novell:netmail:3.10:b::::::
	cpe:2.3:a:novell:netmail:3.10:c::::::
	cpe:2.3:a:novell:netmail:3.10:d::::::
	cpe:2.3:a:novell:netmail:3.10:e::::::
	cpe:2.3:a:novell:netmail:3.10:f::::::
	cpe:2.3:a:novell:netmail:3.10:g::::::
	cpe:2.3:a:novell:netmail:3.10:h::::::

History

No history.

Information

Published : 2006-12-27 01:28

Updated : 2023-12-10 10:40

NVD link : CVE-2006-6425

Mitre link : CVE-2006-6425

CVE.ORG link : CVE-2006-6425

JSON object : View

Products Affected

novell

netmail

CWE

NVD-CWE-Other

{"id": "CVE-2006-6425", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-27T01:28:00.000", "references": [{"url": "http://secunia.com/advisories/23437", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2080", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017437", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/258753", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455200/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21723", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/5134", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el demonio IMAP (IMAPD) de Novell NetMail anterior a 3.52e FTF2 permite a atacantes remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados que implican el par\u00e1metro APPEND."}], "lastModified": "2018-10-17T21:48:11.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:netmail:*:e-ftfl:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8E5532-0649-431E-BB21-D5830FF20C50", "versionEndIncluding": "3.5.2"}, {"criteria": "cpe:2.3:a:novell:netmail:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "417FAC89-DD03-47E5-9743-FFD5E1AEC702"}, {"criteria": "cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6159C3FC-F82D-42BC-903F-2720FEF61E5A"}, {"criteria": "cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E56419-E190-4249-8B9E-02DC20B5F2F8"}, {"criteria": "cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4332FF7C-B625-4885-84F1-95A210391A42"}, {"criteria": "cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0863DA2-AA27-4C91-B73A-649354FB2B8B"}, {"criteria": "cpe:2.3:a:novell:netmail:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B57CD26-1038-4959-B560-D5FE90D6A2A3"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6733B36D-1AB1-4F61-A99C-E14343E41BEF"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D05531-78EF-46C7-A4F8-9CB0B077C207"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46767ECB-FD9A-478B-B983-85F6281F7F51"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7397E8D5-ECAE-4A89-8340-5576EE6551F8"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5BFC56-D652-4252-8E68-30DE40CC5BB4"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9A617E-75D2-45A6-ACF7-2A87A9803A18"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CCBCB4F-5F8B-45CD-9007-DD0C7F90D59B"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5657411D-2C13-406B-9113-2580062CA486"}, {"criteria": "cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D128B390-A46C-463E-9D97-D8AD0611191A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires a valid user account.\r\nThis vulnerability is addressed in the following product update:\r\nNovell, NetMail, 3.52e FTF2"}