CVE-2006-6424

Name of the Vulnerable Software and Affected Versions Novell NetMail versions prior to 3.52e FTF2

Description The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved in two ways: by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow, or via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

Recommendations For Novell NetMail versions prior to 3.52e FTF2, update to version 3.52e FTF2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMAPD and NMAP daemon to minimize the risk of exploitation. Avoid using crafted arguments to the STOR command until the issue is resolved.