Vulnerability Details : CVE-2006-6425
Public exploit exists!
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6425
Probability of exploitation activity in the next 30 days: 16.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2006-6425
-
Novell NetMail IMAP APPEND Buffer Overflow
Disclosure Date: 2006-12-23First seen: 2020-04-26exploit/windows/imap/novell_netmail_appendThis module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP APPEND verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2006-6425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
References for CVE-2006-6425
-
http://www.securityfocus.com/archive/1/455200/100/0/threaded
- https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html
-
http://www.kb.cert.org/vuls/id/258753
US Government Resource
-
http://www.securityfocus.com/bid/21723
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
-
http://securityreason.com/securityalert/2080
- http://www.vupen.com/english/advisories/2006/5134
-
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html
Patch;Vendor Advisory
- http://securitytracker.com/id?1017437
Products affected by CVE-2006-6425
- cpe:2.3:a:novell:netmail:*:e-ftfl:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*
- cpe:2.3:a:novell:netmail:3.0.1:*:*:*:*:*:*:*