Vulnerability Details : CVE-2006-6424
Public exploit exists!
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6424
89.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-6424
-
Novell NetMail NMAP STOR Buffer Overflow
Disclosure Date: 2006-12-23First seen: 2020-04-26exploit/windows/novell/nmap_storThis module exploits a stack buffer overflow in Novell's Netmail 3.52 NMAP STOR verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2006-6424
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
References for CVE-2006-6424
-
http://www.kb.cert.org/vuls/id/912505
US Government Resource
-
https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html
Patch
-
http://www.securityfocus.com/bid/21725
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
-
http://www.securityfocus.com/archive/1/455201/100/0/threaded
-
http://www.zerodayinitiative.com/advisories/ZDI-06-053.html
Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2006/5134
-
http://www.kb.cert.org/vuls/id/381161
US Government Resource
-
http://www.zerodayinitiative.com/advisories/ZDI-06-052.html
Patch;Vendor Advisory
-
http://securitytracker.com/id?1017437
Patch
-
http://securityreason.com/securityalert/2081
-
http://www.securityfocus.com/bid/21724
-
http://www.cirt.dk/advisories/cirt-48-advisory.txt
Patch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/455202/100/0/threaded
Products affected by CVE-2006-6424
- cpe:2.3:a:novell:netmail:*:e-ftfl:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.1:*:*:*:*:*:*:*