June 2005
AusCERT - Novell NetMail 3.5.2c and prior - multiple vulnerabilities (AUSCERT AA-2005.009)
ID: 00509
Ref: 469/2005
Date: 22 June 2005:16:20:51
Version: 1
Title: AusCERT - Novell NetMail 3.5.2c and prior - multiple vulnerabilities (AUSCERT AA-2005.009)
Abstract: This bulletin describes four vulnerabilities in Novell NetMail 3.5.2. Vulnerabilities 1, 2 and 3 affect versions 3.5.2b and prior on all platforms. Vulnerability 4 affects all versions 3.5.2c and prior on Linux only.
Vendors affected: Novell
Applications affected: Novell
Detail
======
===========================================================================
AA-2005.009 AUSCERT Advisory
Novell NetMail 3.5.2c and prior - multiple vulnerabilities
22 June 2005
---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:           Novell NetMail 3.5.2c and prior
Operating System:  Linux variants
                   Windows
                   Novell NetWare
Impact:            Cross-site Scripting
                   Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
                   Existing Account
CVE Names:         CAN-2005-1756 CAN-2005-1757 CAN-2005-1758
                   CAN-2005-1976
OVERVIEW:
This bulletin describes four vulnerabilities in Novell NetMail 3.5.2.
Vulnerabilities 1, 2 and 3 affect versions 3.5.2b and prior on all platforms.
Vulnerability 4 affects all versions 3.5.2c and prior on Linux only.
1. CAN-2005-1756
NetMail WebAccess has a cross-site scripting vulnerability that
can be exploited by sending an ical object to a NetMail user. When
the appointment is opened, script in the body of the message will be
executed.
2. CAN-2005-1757
NetMail WebAccess has a buffer overflow vulnerability that can be
exploited when a user performs a folder rename and supplies a very
long new folder name.
3. CAN-2005-1758
NetMail IMAPD is vulnerable to a heap overflow when a large number
of bytes is specified for IMAP command continuation. This can be
exploited by unauthenticated remote attackers.
4. CAN-2005-1976
Incorrect file permissions were set on the NetMail binaries in the
Linux version of NetMail patches 3.5.2a, 3.5.2b and 3.5.2c. This
can be exploited by any user on the local machine with UID 500 or
membership of group 500.
IMPACT:
1. An attacker who is able to send an ical object to a NetMail user
can misuse the recipient's authentication credential, performing
any action on the NetMail connection that the recipient could
perform.
2. An existing NetMail user can potentially execute arbitrary code
on the server.
3. An unauthenticated remote attacker can potentially execute
arbitrary code on the NetMail server.
4. A local user with UID 500 or member of group 500 can replace the
NetMail binaries, and thereby execute arbitrary code on the server.
MITIGATION:
NetMail 3.5.2c1 incorporates fixes for all four vulnerabilities. [3]
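To check a Linux host for the condition described in vulnerability 4, the following added example (not part of the AusCERT advisory or of Novell's patch) lists files and directories that a given UID or GID could replace. The function name and the install path argument are assumptions, since the advisory does not state where the NetMail binaries live; UID 500 and GID 500 come from the advisory.

```shell
#!/bin/sh
# Added example: report what a given UID/GID could modify or replace.
# Directories are included because write access to a directory allows
# the files inside it to be replaced by unlink/rename.

audit_replaceable() {
    dir=$1; uid=$2; gid=$3
    {
        # Owned by the UID: the owner can always chmod and then overwrite.
        find "$dir" ! -type l -user "$uid" \
            -exec printf 'owner\t%s\n' {} \;
        # Not owned by the UID, but group-owned by the GID and group-writable.
        find "$dir" ! -type l ! -user "$uid" -group "$gid" -perm -020 \
            -exec printf 'group-write\t%s\n' {} \;
        # World-writable, which includes the UID/GID in question.
        find "$dir" ! -type l ! -user "$uid" \
            ! \( -group "$gid" -perm -020 \) -perm -002 \
            -exec printf 'world-write\t%s\n' {} \;
    } | sort
}

# Usage: sh audit.sh /path/to/netmail
# (the path is a placeholder; the advisory does not give the install location)
if [ "$#" -ge 1 ]; then
    findings=$(audit_replaceable "$1" 500 500)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    echo "no files or directories replaceable by UID 500 / GID 500"
fi
```

Any output line after applying 3.5.2c1 means the ownership or mode of that path still needs correcting by hand.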
REFERENCES:
[1] Novell TID 10098022
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm
[2] Novell TID 10097957
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm
[3] Novell NetMail 3.5 Patches
http://support.novell.com/filefinder/19357/index.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================