pwc.20020630.nims_modweb.b

From: patrik.karlssonat_private
Date: Mon Jul 15 2002 - 05:02:18 PDT

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0062 - squid"

Previous message: patrik.karlssonat_private: "pwc.20020630.nims_3.0.3_imapd.a"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

PricewaterhouseCoopers Security Vulnerability Report
No: pwc.20020630.nims_modweb.b
====================================================

Vulnerability Summary
---------------------
Problem:                Multiple buffer overflow conditions
                        have been identified in Novell Netmail.

Threat:                 Remote root compromise.

Affected Software:      Novell Netmail 3.0.3,
                        Novell Netmail 3.1,
                        Novell Netmail XE 3.1.

Platforms:              Linux Redhat 7.3,
                              Sun Solaris,
                              Microsoft Windows,
                              Netware 6.

Solution:               Apply the appropriate patches from Novell.


Vulnerability Description
-------------------------
An exploitable buffer overflow condition exists in the Netmail 
webinterface. It is possible for an attacker to attain remote root
access on Linux and possibly other platforms. There is another
buffer overflow condition in the webadmin interface running on port
81, which however is not active on a default installation. We have
not looked in to the exploitability of the later issue.

Solutions
---------
NetMail (NIMS) 3.0.3b Update for NetWare
http://support.novell.com/servlet/tidfinder/2963002

NetMail (NIMS) 3.0.3b Update for Linux
http://support.novell.com/servlet/tidfinder/2963004

NetMail (NIMS) 3.0.3b Update for Solaris
http://support.novell.com/servlet/tidfinder/2963004

NetMail 3.1b Update for NetWare
http://support.novell.com/servlet/tidfinder/2963005

NetMail 3.1b Update for Windows
http://support.novell.com/servlet/tidfinder/2963006

NetMail 3.1b Update for Linux 
http://support.novell.com/servlet/tidfinder/2963007

NetMail 3.1b Update for Solaris 
http://support.novell.com/servlet/tidfinder/2963008

NetMail XE 3.1b Update
http://support.novell.com/servlet/tidfinder/2963009

Additional Information
----------------------
Novell was contacted 20020701.

This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik.karlssonat_private



_________________________________________________________________
The information transmitted is intended only for the person or entity to 
which it is addressed and may contain confidential and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or 
taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited.   If you 
received this in error, please contact the sender and delete the material 
from any computer.

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0062 - squid"
Previous message: patrik.karlssonat_private: "pwc.20020630.nims_3.0.3_imapd.a"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 07:17:35 PDT