PT-2006-6193 · Novell · Novell Netmail+1

Manuel Santamarina Suarez · Published 2006-10-24 · Updated 2018-10-17 · CVE-2006-5478

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Novell eDirectory versions 8.8.x before 8.8.1 FTF1
Novell eDirectory versions 8.x up to 8.7.3.8
Novell NetMail versions before 3.52e FTF2

Description

The issue allows remote attackers to execute arbitrary code via multiple stack-based buffer overflows. One vector is a long HTTP Host header, which causes an overflow in the BuildRedirectURL function. Other vectors involve a username containing a . (dot) character in various services such as the SMTP, POP, IMAP, HTTP, or Networked Messaging Application Protocol (NMAP) NetMail services.

Recommendations

For Novell eDirectory versions 8.8.x before 8.8.1 FTF1, update to version 8.8.1 FTF1 or later.
For Novell eDirectory versions 8.x up to 8.7.3.8, update to a version later than 8.7.3.8.
For Novell NetMail versions before 3.52e FTF2, update to version 3.52e FTF2 or later.

As a temporary workaround, consider restricting access to the BuildRedirectURL function and limiting the use of usernames containing a . (dot) character in the affected services until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2006-5478

Affected Products

Novell Netmail
Novell Edirectory