CVE-2006-6424

Novell NetMail < 3.52e FTF2 - Remote Code Execution via IMAP Command Continuation or NMAP STOR Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6424. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/novell/nmap_stor.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Novell NetMail's NMAP STOR command. It sends an overly long string to overwrite the buffer and control execution, delivering a payload for remote code execution.

Description

Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16813

This exploit targets a stack buffer overflow in Novell NetMail's NMAP STOR command. It sends an overly long string to overwrite the buffer and control execution, delivering a payload for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail <= 3.52d
No auth needed
Prerequisites: Network access to the target's NMAP service (port 689)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/novell/nmap_stor.rb

This Metasploit module exploits a stack buffer overflow in Novell NetMail 3.52 via the NMAP STOR command. It sends a crafted payload to overwrite the buffer and control execution, targeting Windows 2000 Pro SP4 English.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail 3.52
No auth needed
Prerequisites: Network access to port 689 · Target running Novell NetMail 3.52
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/381161
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-06-053.html
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-06-052.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/912505
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2081
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21725
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455201/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5134
Patch, Vendor Advisory x_refsource_misc
http://www.cirt.dk/advisories/cirt-48-advisory.txt
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017437
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21724
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23437
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455202/100/0/threaded

Scores

EPSS 0.5791
EPSS Percentile 99.0%

Details

Status published
Products (6)
novell/netmail 3.0.1
novell/netmail 3.0.3a a (2 CPE variants)
novell/netmail 3.1 (2 CPE variants)
novell/netmail 3.5
novell/netmail 3.10 (9 CPE variants)
novell/netmail < 3.5.2
Published Dec 27, 2006
Tracked Since Feb 18, 2026