Signature Detail

IMAP: IMAP Continuation Overflow

This signature detects attempts to exploit a known vulnerability against multiple IMAP service. Attackers can send a maliciously crafted request to execute arbitrary code on the affected host.

Extended Description

Novell NetMail is susceptible to a buffer overflow vulnerability in the IMAP command continuation function in the IMAP agent. This issue is due to a lack of proper boundary checks when copying user-supplied data to insufficiently-sized memory buffers. This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected server process. This issue was originally documented in BID 13926 (Novell NetMail Multiple Remote Vulnerabilities).

Affected Products

• Novell NetMail 3.0.1
• Novell NetMail 3.0.3
• Novell NetMail 3.0.3 a
• Novell NetMail 3.0.3 b
• Novell NetMail 3.1.0
• Novell NetMail 3.10.0
• Novell NetMail 3.10.0 a
• Novell NetMail 3.10.0 b
• Novell NetMail 3.10.0 c
• Novell NetMail 3.10.0 d
• Novell NetMail 3.10.0 e
• Novell NetMail 3.10.0 f
• Novell NetMail 3.10.0 g
• Novell NetMail 3.10.0 h
• Novell NetMail 3.1.0 f
• Novell NetMail 3.52.0
• Novell NetMail 3.52.0 A
• Novell NetMail 3.52.0 B

References

• BugTraq: 14718
• CVE: CVE-2005-1758