Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Mon Jul 15 2002 - 07:02:18 CDT
PricewaterhouseCoopers Security Vulnerability Report
Problem: Multiple buffer overflow conditions
have been identified in Novell Netmail.
Threat: Remote root compromise.
Affected Software: Novell Netmail 3.0.3,
Novell Netmail 3.1,
Novell Netmail XE 3.1.
Platforms: Linux Redhat 7.3,
Solution: Apply the appropriate patches from Novell.
An exploitable buffer overflow condition exists in the Netmail
webinterface. It is possible for an attacker to attain remote root
access on Linux and possibly other platforms. There is another
buffer overflow condition in the webadmin interface running on port
81, which however is not active on a default installation. We have
not looked in to the exploitability of the later issue.
NetMail (NIMS) 3.0.3b Update for NetWare
NetMail (NIMS) 3.0.3b Update for Linux
NetMail (NIMS) 3.0.3b Update for Solaris
NetMail 3.1b Update for NetWare
NetMail 3.1b Update for Windows
NetMail 3.1b Update for Linux
NetMail 3.1b Update for Solaris
NetMail XE 3.1b Update
Novell was contacted 20020701.
This vulnerability was found by
Patrik Karlsson & Jonas Lšndin
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the material
from any computer.