Vulnerability Details : CVE-2006-6425
Public exploit exists!
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-6425
- cpe:2.3:a:novell:netmail:*:e-ftfl:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6425
- EPSS score: 11.83% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2006-6425
- Novell NetMail IMAP APPEND Buffer Overflow
  - Disclosure Date: 2006-12-23
  - First seen: 2020-04-26
  - Module: exploit/windows/imap/novell_netmail_append
  - Description: This module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP APPEND verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
  - Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2006-6425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
References for CVE-2006-6425
- http://www.securityfocus.com/archive/1/455200/100/0/threaded
- https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html (Patch)
- http://www.kb.cert.org/vuls/id/258753 (US Government Resource)
- http://www.securityfocus.com/bid/21723 (Novell Netmail IMAP APPEND Buffer Overflow Vulnerability)
- http://securityreason.com/securityalert/2080
- http://www.vupen.com/english/advisories/2006/5134
- http://www.zerodayinitiative.com/advisories/ZDI-06-054.html (Patch; Vendor Advisory)
- http://securitytracker.com/id?1017437 (Patch)