CVE-2006-6761

Novell NetMail <3.52e - RCE

Title source: llm

Description

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16478

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/novell_netmail_subscribe.rb

View Code ZIP pw:eip

References (7)

[Patch] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=454

[Patch] https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html

[US Government Resource] http://www.kb.cert.org/vuls/id/863313

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/5134

[Patch] http://securitytracker.com/id?1017437

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/23437

[Patch] http://www.securityfocus.com/bid/21728

Scores

EPSS 0.5636

EPSS Percentile 98.1%

Details

Status published

Products (1)

novell/netmail 3.5.2 a (6 CPE variants)

Published Dec 27, 2006

Tracked Since Feb 18, 2026