patrik.karlsson_at_se.pwcglobal.com
Date: Mon Jul 15 2002 - 07:02:18 CDT


    PricewaterhouseCoopers Security Vulnerability Report
    No: pwc.20020630.nims_modweb.b
    ====================================================

    Vulnerability Summary
    ---------------------
    Problem:           Multiple buffer overflow conditions
                       have been identified in Novell Netmail.

    Threat:            Remote root compromise.

    Affected Software: Novell Netmail 3.0.3,
                       Novell Netmail 3.1,
                       Novell Netmail XE 3.1.

    Platforms:         Linux Redhat 7.3,
                       Sun Solaris,
                       Microsoft Windows,
                       Netware 6.

    Solution: Apply the appropriate patches from Novell.

    Vulnerability Description
    -------------------------
    An exploitable buffer overflow condition exists in the Netmail
    web interface. It is possible for an attacker to attain remote root
    access on Linux and possibly other platforms. There is another
    buffer overflow condition in the webadmin interface running on port
    81, which however is not active on a default installation. We have
    not looked into the exploitability of the latter issue.

    Solutions
    ---------
    NetMail (NIMS) 3.0.3b Update for NetWare
    http://support.novell.com/servlet/tidfinder/2963002

    NetMail (NIMS) 3.0.3b Update for Linux
    http://support.novell.com/servlet/tidfinder/2963004

    NetMail (NIMS) 3.0.3b Update for Solaris
    http://support.novell.com/servlet/tidfinder/2963004

    NetMail 3.1b Update for NetWare
    http://support.novell.com/servlet/tidfinder/2963005

    NetMail 3.1b Update for Windows
    http://support.novell.com/servlet/tidfinder/2963006

    NetMail 3.1b Update for Linux
    http://support.novell.com/servlet/tidfinder/2963007

    NetMail 3.1b Update for Solaris
    http://support.novell.com/servlet/tidfinder/2963008

    NetMail XE 3.1b Update
    http://support.novell.com/servlet/tidfinder/2963009

    Additional Information
    ----------------------
    Novell was contacted 20020701.

    This vulnerability was found by
    Patrik Karlsson & Jonas Lšndin
    patrik.karlsson_at_se.pwcglobal.com
