Novell provides NetMail patches for critical holes
Software vendor Novell is distributing patches for a number of weak points in its NetMail 3.52 mail server for Windows, Linux, and NetWare. Attackers may be able to use the holes to get complete control of vulnerable systems from the Internet, or to take down server services. Novell's advisories do not, however, make it clear whether older versions of NetMail also contain the programming errors.
The weak points may cause buffer overflows in the IMAP and NMAP (Network Messaging Application Protocol) services that attackers can use to inject arbitrary malicious code. Novell writes that there is a potential denial-of-service vulnerability in the IMAP service. Apparently, in some cases it's not even necessary to have a valid e-mail account to exploit the flaw. The advisories do not provide any details. NetMail administrators are advised to install the patches as quickly as possible.
- Buffer Overrun in NetMail 3.52, Novell's advisory
- NetMail Buffer Overrun and Denial of Service, Novell's advisory