Buffer overflow in Novell's Netmail
The web administration interface in Novell's Netmail is prone to a buffer overflow that gives attackers an opportunity to inject arbitrary program code. No valid login credentials are required to do so.
In webadmin.exe, which by default listens on port 89, an HTTP Basic authentication request with a username of more than 213 characters can cause a buffer overflow. The fault lies in a vulnerable call to the function sprintf(), the security services provider Zero Day Initiative reports.
With the update to version 3.52e, Novell has closed this hole in Netmail 3.52, in addition to fixing other bugs. Anyone who has not yet installed the cumulative update should do so as quickly as possible.
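A defensive counterpart to the sprintf() flaw described above, as an added example that is not Novell's code and not part of the original article: a Basic-auth parser that bounds the decoded username before formatting it into a fixed buffer. The function names, buffer sizes, output format and the use of 213 as the accepted maximum are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 213   /* assumed policy limit, set to the length named in the report */

/* Map one base64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int b64val(int c) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode base64 into out (NUL-terminated). Returns the decoded length, or -1
 * if the input is malformed or would not fit in outlen bytes. */
static int b64decode(const char *in, char *out, size_t outlen) {
    size_t n = 0; unsigned acc = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= outlen) return -1;       /* keep room for the NUL */
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Parse an Authorization header value and write "user=<name>" to dst.
 * Returns 0 on success, -1 if the request must be rejected. */
int basic_auth_user(const char *hdr, char *dst, size_t dstlen) {
    char creds[512];
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    if (b64decode(hdr + 6, creds, sizeof creds) < 0) return -1;
    const char *colon = strchr(creds, ':');
    if (!colon) return -1;
    size_t ulen = (size_t)(colon - creds);
    if (ulen == 0 || ulen > USER_MAX) return -1;   /* reject oversized usernames */
    /* bounded snprintf() with explicit precision instead of sprintf("%s") */
    int w = snprintf(dst, dstlen, "user=%.*s", (int)ulen, creds);
    return (w < 0 || (size_t)w >= dstlen) ? -1 : 0;
}

int main(void) {
    char out[256];   /* constructed sample header encoding "admin:secret" */
    return basic_auth_user("Basic YWRtaW46c2VjcmV0", out, sizeof out) ? 1 : (puts(out), 0);
}
```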
- Novell Netmail WebAdmin Buffer Overflow Vulnerability, security advisory of ZDI
- NetMail 3.52E Update, download site of the Novell updates