• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Novell NetMail Multiple Remote Vulnerabilities

Novell NetMail is susceptible to multiple remote vulnerabilities.

The IMAP agent is susceptible to two remote buffer overflow vulnerabilities, and the Modweb agent is susceptible to a remote buffer overflow vulnerability. These issues allow remote attackers to execute arbitrary machine code in the context of the affected server process.

The Modweb agent is susceptible to two remote denial of service vulnerabilities. These issues allow remote attackers to crash the service, and to consume excessive CPU resources. These issues result in the denial of service to legitimate users.

The Modweb agent is also susceptible to a cross-site scripting vulnerability, allowing attackers to execute arbitrary HTML and script code in unsuspecting users Web browsers in the context of the affected Web site.

This BID will be split into its individual issues at a later date.

Update: The IMAP command continuation issue has been split into BID 14718.