CVE-2006-6761

Novell NetMail - Authenticated Stack-Based Buffer Overflow via IMAP SUBSCRIBE Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6761. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/imap/novell_netmail_subscribe.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Novell NetMail's IMAP SUBSCRIBE command. It sends a crafted payload to overwrite the buffer and execute arbitrary code on the target system.

Description

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16478

This is a Metasploit module exploiting a stack buffer overflow in Novell NetMail's IMAP SUBSCRIBE command. It sends a crafted payload to overwrite the buffer and execute arbitrary code on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail <= 3.52d
Auth required
Prerequisites: Network access to the IMAP service · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/novell_netmail_subscribe.rb

This Metasploit module exploits a stack buffer overflow in Novell NetMail 3.52 via an overly long IMAP SUBSCRIBE command, allowing remote code execution. It uses a return address override and payload delivery to achieve exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetMail 3.52
Auth required
Prerequisites: Network access to vulnerable IMAP service · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Patch third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=454
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/863313
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5134
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017437
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23437
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21728

Scores

EPSS 0.5367
EPSS Percentile 98.9%

Details

Status published
Products (1)
novell/netmail 3.5.2 a (6 CPE variants)
Published Dec 27, 2006
Tracked Since Feb 18, 2026