Check Point Advisories

Novell NetMail IMAP Buffer Overflow (CVE-2005-3314)

Check Point Reference: CPAI-2005-332
Date Published: 8 Oct 2009
Severity: High
Last Updated: Thursday 08 October, 2009
Source:
Industry Reference:CVE-2005-3314
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description The Internet Message Access Protocol (IMAP) allows the access and manipulation of electronic mail. Novell Netmail is a mail server product that relies on Novell eDirectory and Novell Nsure Audit products. It supports the IMAP protocol as well as other well known internet mail protocols. There exists a stack-based buffer overflow vulnerability in the Novell NetMail IMAP service. The flaw is exploited when the affected product processes a crafted IMAP command that contains overly long verb arguments. An authenticated remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the IMAP server process. A successful attack aimed at code injection and execution will result in process flow of the vulnerable program being diverted to arbitrary attacker-supplied code. In such a case, the behaviour of the target system is dependent on the intention of the malicious code. Furthermore, since the attacker will take over the affected process, the process will stop functioning as intended, as such, a denial of service condition will ensue. If a code execution attack is not executed successfully, then the affected IMAP server will only experience a denial of service condition as a result of unexpected termination. The affected product is also available on Linux and NetWare systems. The IMAP service process may be running with lower privileges on these systems.

Protection Overview

This protection will detect and block attempts to transfer malicious XML files over HTTP.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Novell NetMail IMAP Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  IMAP Protocol Violation.
Attack Information:  Novell NetMail IMAP buffer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK