CVE-2006-6425

Novell NetMail <3.52e - RCE

Title source: llm

Description

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16488

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/novell_netmail_append.rb

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://secunia.com/advisories/23437

[Patch] http://securitytracker.com/id?1017437

[US Government Resource] http://www.kb.cert.org/vuls/id/258753

[Patch, Vendor Advisory] http://www.zerodayinitiative.com/advisories/ZDI-06-054.html

[Patch] https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/455200/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21723

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/5134

[Third Party Advisory] http://securityreason.com/securityalert/2080

Scores

EPSS 0.7979

EPSS Percentile 99.1%

Details

Status published

Products (6)

novell/netmail 3.0.1

novell/netmail 3.0.3a a (2 CPE variants)

novell/netmail 3.1 (2 CPE variants)

novell/netmail 3.5

novell/netmail 3.10 (9 CPE variants)

novell/netmail < 3.5.2

Published Dec 27, 2006

Tracked Since Feb 18, 2026