In association with heise online

08 March 2007, 14:01

Buffer overflow in Novell's Netmail


The web administration interface in Novell's Netmail is vulnerable to a buffer overflow that gives attackers an opportunity to inject arbitrary program code. No valid login credentials are required to do so.

In webadmin.exe, which by default listens on port 89 on the network, an HTTP Basic authentication request containing a username of more than 213 characters can cause a buffer overflow. The fault lies in a vulnerable call to the function sprintf(), the security services provider Zero Day Initiative reports.

With the update to version 3.52e, Novell has closed this hole in Netmail 3.52 and fixed other bugs as well. Anyone who has not yet installed the cumulative update should do so as quickly as possible.
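
As an added illustration (not Novell's code and not part of the original report), the C example below shows the defensive pattern for the flaw class described above: the HTTP Basic Authorization value is decoded into a bounded buffer, the username length is checked, and sprintf() is replaced by a length-checked snprintf(). The function names, USER_MAX, MSG_MAX and the message format are assumptions, and the sample header is constructed.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 64    /* assumed policy limit, not Netmail's real value */
#define MSG_MAX  128   /* assumed size of the destination buffer */

/* Base64-decode into out (NUL-terminated); -1 on bad input or no room. */
static int b64_decode(const char *in, char *out, size_t outsz) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p) return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            if (n + 1 >= outsz) return -1;    /* reject, never overflow */
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical handler: validate an Authorization header value and format
   a message naming the user. Returns 0 on success, -1 to reject (HTTP 400). */
int handle_basic_auth(const char *value, char *msg, size_t msgsz) {
    char cred[USER_MAX + 64];                 /* "user:password" */
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    if (b64_decode(value + 6, cred, sizeof cred) < 0) return -1;
    char *colon = strchr(cred, ':');
    if (!colon || colon == cred) return -1;   /* missing or empty user */
    *colon = '\0';
    if (strlen(cred) > USER_MAX) return -1;   /* explicit length policy */
    /* Unbounded pattern: sprintf(msg, "login attempt for user '%s'", cred); */
    int n = snprintf(msg, msgsz, "login attempt for user '%s'", cred);
    return (n < 0 || (size_t)n >= msgsz) ? -1 : 0;   /* truncation = reject */
}

int main(void) {
    char msg[MSG_MAX];
    /* Constructed sample: base64 of "admin:secret". */
    if (handle_basic_auth("Basic YWRtaW46c2VjcmV0", msg, sizeof msg) == 0)
        puts(msg);
    return 0;
}
```

Rejecting on truncation rather than silently shortening the name keeps an oversized username from being logged or processed in a misleading form.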
