CVE-2006-6425

Novell NetMail < 3.52e FTF2 - Authenticated Stack-Based Buffer Overflow via IMAP APPEND Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6425. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/imap/novell_netmail_append.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Novell NetMail's IMAP APPEND command. It sends a crafted payload to overwrite the buffer and execute arbitrary code on the target system.

Description

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16488

This is a Metasploit module exploiting a stack buffer overflow in Novell NetMail's IMAP APPEND command. It sends a crafted payload to overwrite the buffer and execute arbitrary code on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail <= 3.52d
Auth required
Prerequisites: Network access to the IMAP service · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/novell_netmail_append.rb

This Metasploit module exploits a stack buffer overflow in Novell NetMail 3.52 via the IMAP APPEND command. It sends a crafted payload to overwrite the buffer and control execution flow, targeting Windows 2000 SP0-SP4.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail 3.52
Auth required
Prerequisites: Network access to vulnerable IMAP service · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455200/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21723
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5134
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017437
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/258753
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2080
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23437

Scores

EPSS 0.5847
EPSS Percentile 99.0%

Details

Status published
Products (6)
novell/netmail 3.0.1
novell/netmail 3.0.3a a (2 CPE variants)
novell/netmail 3.1 (2 CPE variants)
novell/netmail 3.5
novell/netmail 3.10 (9 CPE variants)
novell/netmail < 3.5.2
Published Dec 27, 2006
Tracked Since Feb 18, 2026