ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.
a6c8579fcaac421e0684e535024d5416f00bfb87093bdcb05e5735e03d9dc6c9This is a multipart message in MIME format.
--=_alternative 006348FA882570BD_=
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
WkRJLTA1LTAwMyAtIE5vdmVsbCBOZXRNYWlsIElNQVBEIEJ1ZmZlciBPdmVyZmxvd3MNCmh0dHA6
Ly93d3cuemVyb2RheWluaXRpYXRpdmUuY29tL2Fkdmlzb3JpZXMvWkRJLTA1LTAwMy5odG1sDQpO
b3ZlbWJlciAxOHRoLCAyMDA1DQoNCkNWRSBJRDogQ0FOLTIwMDUtMzMxNCANCg0KQWZmZWN0ZWQg
VmVuZG9yOg0KIC0gTm92ZWxsDQoNCkFmZmVjdGVkIFByb2R1Y3RzOg0KIC0gTm92ZWxsIE5ldG1h
aWwgMy41LjIgDQoNClRpcHBpbmdQb2ludFRNIElQUyBDdXN0b21lciBQcm90ZWN0aW9uOg0KVGlw
cGluZ1BvaW50IElQUyBjdXN0b21lcnMgaGF2ZSBiZWVuIHByb3RlY3RlZCBhZ2FpbnN0IHRoaXMg
dnVsbmVyYWJpbGl0eSANCnNpbmNlIE9jdG9iZXIgMjR0aCwgMjAwNSBieSBEaWdpdGFsIFZhY2Np
bmUgcHJvdGVjdGlvbiBmaWx0ZXIgSUQgMzg2OC4gRm9yIA0KZnVydGhlciBwcm9kdWN0IGluZm9y
bWF0aW9uIG9uIHRoZSBUaXBwaW5nUG9pbnQgSVBTOiANCiAgICB3d3cudGlwcGluZ3BvaW50LmNv
bQ0KIA0KVnVsbmVyYWJpbGl0eSBEZXRhaWxzOg0KVGhpcyB2dWxuZXJhYmlsaXR5IGFsbG93cyBy
ZW1vdGUgYXR0YWNrZXJzIHRvIGV4ZWN1dGUgYXJiaXRyYXJ5IGNvZGUgb24gDQp2dWxuZXJhYmxl
IGluc3RhbGxhdGlvbnMgb2YgTm92ZWxsIE5ldG1haWwuIEF1dGhlbnRpY2F0aW9uIGlzIHJlcXVp
cmVkIHRvIA0KZXhwbG9pdCB0aGlzIHZ1bG5lcmFiaWxpdHkuIA0KDQpUaGlzIHNwZWNpZmljIGZs
YXcgZXhpc3RzIHdpdGhpbiB0aGUgSU1BUCBkYWVtb24uIEEgbGFjayBvZiBib3VuZHMgDQpjaGVj
a2luZyBkdXJpbmcgdGhlIHBhcnNpbmcgb2YgbG9uZyB2ZXJiIGFyZ3VtZW50cyByZXN1bHRzIGlu
IGFuIA0KZXhwbG9pdGFibGUgc3RhY2stYmFzZWQgb3ZlcmZsb3cuIA0KDQpWZW5kb3IgUmVzcG9u
c2U6DQoiTm92ZWxsIGhhcyBpc3N1ZWQgYSB1cGRhdGUgZm9yIHRoZSB2dWxuZXJhYmlsaXR5KGll
cykgYW5kIHRoZSB1cGRhdGUgaXMgDQphdmFpbGFibGUgYXQ6IiANCiAgICBzdXBwb3J0Lm5vdmVs
bC5jb20vZmlsZWZpbmRlci8xOTM1Ny9iZXRhLmh0bWwgDQoNCkRpc2Nsb3N1cmUgVGltZWxpbmU6
DQoyMDA1LjEwLjI0IOKAkyBWdWxuZXJhYmlsaXR5IHJlcG9ydGVkIHRvIHZlbmRvcg0KMjAwNS4x
MC4yNCDigJMgRGlnaXRhbCBWYWNjaW5lIHJlbGVhc2VkIHRvIFRpcHBpbmdQb2ludCBjdXN0b21l
cnMNCjIwMDUuMTEuMTcg4oCTIFZ1bG5lcmFiaWxpdHkgaW5mb3JtYXRpb24gcHJvdmlkZWQgdG8g
WkRJIHNlY3VyaXR5IHBhcnRuZXJzDQoyMDA1LjExLjE4IOKAkyBDb29yZGluYXRlZCBwdWJsaWMg
cmVsZWFzZSBvZiBhZHZpc29yeQ0KDQpDcmVkaXQ6DQpUaGlzIHZ1bG5lcmFiaWxpdHkgd2FzIGRp
c2NvdmVyZWQgYnkgU2ViYXN0aWFuIEFwZWx0LiANCg0KQWJvdXQgdGhlIFplcm8gRGF5IEluaXRp
YXRpdmUgKFpESSk6DQpFc3RhYmxpc2hlZCBieSBUaXBwaW5nUG9pbnQsIGEgZGl2aXNpb24gb2Yg
M0NvbSwgVGhlIFplcm8gRGF5IEluaXRpYXRpdmUgDQooWkRJKSByZXByZXNlbnRzIGEgYmVzdC1v
Zi1icmVlZCBtb2RlbCBmb3IgcmV3YXJkaW5nIHNlY3VyaXR5IHJlc2VhcmNoZXJzIA0KZm9yIHJl
c3BvbnNpYmx5IGRpc2Nsb3NpbmcgZGlzY292ZXJlZCB2dWxuZXJhYmlsaXRpZXMuIA0KDQpSZXNl
YXJjaGVycyBpbnRlcmVzdGVkIGluIGdldHRpbmcgcGFpZCBmb3IgdGhlaXIgc2VjdXJpdHkgcmVz
ZWFyY2ggdGhyb3VnaCANCnRoZSBaREkgY2FuIGZpbmQgbW9yZSBpbmZvcm1hdGlvbiBhbmQgc2ln
bi11cCBhdDogDQogICAgd3d3Lnplcm9kYXlpbml0aWF0aXZlLmNvbSANCg0KVGhlIFpESSBpcyB1
bmlxdWUgaW4gaG93IHRoZSBhY3F1aXJlZCB2dWxuZXJhYmlsaXR5IGluZm9ybWF0aW9uIGlzIHVz
ZWQuIA0KM0NvbSBkb2VzIG5vdCByZS1zZWxsIHRoZSB2dWxuZXJhYmlsaXR5IGRldGFpbHMgb3Ig
YW55IGV4cGxvaXQgY29kZS4gDQpJbnN0ZWFkLCB1cG9uIG5vdGlmeWluZyB0aGUgYWZmZWN0ZWQg
cHJvZHVjdCB2ZW5kb3IsIDNDb20gcHJvdmlkZXMgaXRzIA0KY3VzdG9tZXJzIHdpdGggemVybyBk
YXkgcHJvdGVjdGlvbiB0aHJvdWdoIGl0cyBpbnRydXNpb24gcHJldmVudGlvbiANCnRlY2hub2xv
Z3kuIEV4cGxpY2l0IGRldGFpbHMgcmVnYXJkaW5nIHRoZSBzcGVjaWZpY3Mgb2YgdGhlIHZ1bG5l
cmFiaWxpdHkgDQphcmUgbm90IGV4cG9zZWQgdG8gYW55IHBhcnRpZXMgdW50aWwgYW4gb2ZmaWNp
YWwgdmVuZG9yIHBhdGNoIGlzIHB1YmxpY2x5IA0KYXZhaWxhYmxlLiBGdXJ0aGVybW9yZSwgd2l0
aCB0aGUgYWx0cnVpc3RpYyBhaW0gb2YgaGVscGluZyB0byBzZWN1cmUgYSANCmJyb2FkZXIgdXNl
ciBiYXNlLCAzQ29tIHByb3ZpZGVzIHRoaXMgdnVsbmVyYWJpbGl0eSBpbmZvcm1hdGlvbiANCmNv
bmZpZGVudGlhbGx5IHRvIHNlY3VyaXR5IHZlbmRvcnMgKGluY2x1ZGluZyBjb21wZXRpdG9ycykg
d2hvIGhhdmUgYSANCnZ1bG5lcmFiaWxpdHkgcHJvdGVjdGlvbiBvciBtaXRpZ2F0aW9uIHByb2R1
Y3QuIA0K
--=_alternative 006348FA882570BD_=
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlpESS0wNS0wMDMgLSBOb3ZlbGwg
TmV0TWFpbCBJTUFQRCBCdWZmZXINCk92ZXJmbG93czwvZm9udD4NCjxicj48Zm9udCBzaXplPTIg
ZmFjZT0ic2Fucy1zZXJpZiI+aHR0cDovL3d3dy56ZXJvZGF5aW5pdGlhdGl2ZS5jb20vYWR2aXNv
cmllcy9aREktMDUtMDAzLmh0bWw8L2ZvbnQ+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMt
c2VyaWYiPk5vdmVtYmVyIDE4dGgsIDIwMDU8L2ZvbnQ+DQo8YnI+DQo8YnI+PGZvbnQgc2l6ZT0y
IGZhY2U9InNhbnMtc2VyaWYiPkNWRSBJRDogQ0FOLTIwMDUtMzMxNCA8L2ZvbnQ+DQo8YnI+DQo8
YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPkFmZmVjdGVkIFZlbmRvcjo8L2ZvbnQ+
DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPiZuYnNwOy0gTm92ZWxsPC9mb250
Pg0KPGJyPg0KPGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5zLXNlcmlmIj5BZmZlY3RlZCBQcm9k
dWN0czo8L2ZvbnQ+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPiZuYnNwOy0g
Tm92ZWxsIE5ldG1haWwgMy41LjIgPC9mb250Pg0KPGJyPg0KPGJyPjxmb250IHNpemU9MiBmYWNl
PSJzYW5zLXNlcmlmIj5UaXBwaW5nUG9pbnRUTSBJUFMgQ3VzdG9tZXIgUHJvdGVjdGlvbjo8L2Zv
bnQ+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlRpcHBpbmdQb2ludCBJUFMg
Y3VzdG9tZXJzIGhhdmUgYmVlbg0KcHJvdGVjdGVkIGFnYWluc3QgdGhpcyB2dWxuZXJhYmlsaXR5
IHNpbmNlIE9jdG9iZXIgMjR0aCwgMjAwNSBieSBEaWdpdGFsDQpWYWNjaW5lIHByb3RlY3Rpb24g
ZmlsdGVyIElEIDM4NjguIEZvciBmdXJ0aGVyIHByb2R1Y3QgaW5mb3JtYXRpb24gb24gdGhlDQpU
aXBwaW5nUG9pbnQgSVBTOiA8L2ZvbnQ+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2Vy
aWYiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3d3dy50aXBwaW5ncG9pbnQuY29tPC9mb250Pg0K
PGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5zLXNlcmlmIj4mbmJzcDs8L2ZvbnQ+DQo8YnI+PGZv
bnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlZ1bG5lcmFiaWxpdHkgRGV0YWlsczo8L2ZvbnQ+
DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlRoaXMgdnVsbmVyYWJpbGl0eSBh
bGxvd3MgcmVtb3RlIGF0dGFja2Vycw0KdG8gZXhlY3V0ZSBhcmJpdHJhcnkgY29kZSBvbiB2dWxu
ZXJhYmxlIGluc3RhbGxhdGlvbnMgb2YgTm92ZWxsIE5ldG1haWwuDQpBdXRoZW50aWNhdGlvbiBp
cyByZXF1aXJlZCB0byBleHBsb2l0IHRoaXMgdnVsbmVyYWJpbGl0eS4gPC9mb250Pg0KPGJyPg0K
PGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5zLXNlcmlmIj5UaGlzIHNwZWNpZmljIGZsYXcgZXhp
c3RzIHdpdGhpbiB0aGUNCklNQVAgZGFlbW9uLiBBIGxhY2sgb2YgYm91bmRzIGNoZWNraW5nIGR1
cmluZyB0aGUgcGFyc2luZyBvZiBsb25nIHZlcmINCmFyZ3VtZW50cyByZXN1bHRzIGluIGFuIGV4
cGxvaXRhYmxlIHN0YWNrLWJhc2VkIG92ZXJmbG93LiA8L2ZvbnQ+DQo8YnI+DQo8YnI+PGZvbnQg
c2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlZlbmRvciBSZXNwb25zZTo8L2ZvbnQ+DQo8YnI+PGZv
bnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPiZxdW90O05vdmVsbCBoYXMgaXNzdWVkIGEgdXBk
YXRlIGZvcg0KdGhlIHZ1bG5lcmFiaWxpdHkoaWVzKSBhbmQgdGhlIHVwZGF0ZSBpcyBhdmFpbGFi
bGUgYXQ6JnF1b3Q7IDwvZm9udD4NCjxicj48Zm9udCBzaXplPTIgZmFjZT0ic2Fucy1zZXJpZiI+
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7c3VwcG9ydC5ub3ZlbGwuY29tL2ZpbGVmaW5kZXIvMTkz
NTcvYmV0YS5odG1sDQo8L2ZvbnQ+DQo8YnI+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMt
c2VyaWYiPkRpc2Nsb3N1cmUgVGltZWxpbmU6PC9mb250Pg0KPGJyPjxmb250IHNpemU9MiBmYWNl
PSJzYW5zLXNlcmlmIj4yMDA1LjEwLjI0IOKAkyBWdWxuZXJhYmlsaXR5IHJlcG9ydGVkDQp0byB2
ZW5kb3I8L2ZvbnQ+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPjIwMDUuMTAu
MjQg4oCTIERpZ2l0YWwgVmFjY2luZSByZWxlYXNlZA0KdG8gVGlwcGluZ1BvaW50IGN1c3RvbWVy
czwvZm9udD4NCjxicj48Zm9udCBzaXplPTIgZmFjZT0ic2Fucy1zZXJpZiI+MjAwNS4xMS4xNyDi
gJMgVnVsbmVyYWJpbGl0eSBpbmZvcm1hdGlvbg0KcHJvdmlkZWQgdG8gWkRJIHNlY3VyaXR5IHBh
cnRuZXJzPC9mb250Pg0KPGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5zLXNlcmlmIj4yMDA1LjEx
LjE4IOKAkyBDb29yZGluYXRlZCBwdWJsaWMgcmVsZWFzZQ0Kb2YgYWR2aXNvcnk8L2ZvbnQ+DQo8
YnI+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPkNyZWRpdDo8L2ZvbnQ+DQo8
YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlRoaXMgdnVsbmVyYWJpbGl0eSB3YXMg
ZGlzY292ZXJlZCBieQ0KU2ViYXN0aWFuIEFwZWx0LiA8L2ZvbnQ+DQo8YnI+DQo8YnI+PGZvbnQg
c2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPkFib3V0IHRoZSBaZXJvIERheSBJbml0aWF0aXZlICha
REkpOjwvZm9udD4NCjxicj48Zm9udCBzaXplPTIgZmFjZT0ic2Fucy1zZXJpZiI+RXN0YWJsaXNo
ZWQgYnkgVGlwcGluZ1BvaW50LCBhIGRpdmlzaW9uDQpvZiAzQ29tLCBUaGUgWmVybyBEYXkgSW5p
dGlhdGl2ZSAoWkRJKSByZXByZXNlbnRzIGEgYmVzdC1vZi1icmVlZCBtb2RlbA0KZm9yIHJld2Fy
ZGluZyBzZWN1cml0eSByZXNlYXJjaGVycyBmb3IgcmVzcG9uc2libHkgZGlzY2xvc2luZyBkaXNj
b3ZlcmVkDQp2dWxuZXJhYmlsaXRpZXMuIDwvZm9udD4NCjxicj4NCjxicj48Zm9udCBzaXplPTIg
ZmFjZT0ic2Fucy1zZXJpZiI+UmVzZWFyY2hlcnMgaW50ZXJlc3RlZCBpbiBnZXR0aW5nIHBhaWQN
CmZvciB0aGVpciBzZWN1cml0eSByZXNlYXJjaCB0aHJvdWdoIHRoZSBaREkgY2FuIGZpbmQgbW9y
ZSBpbmZvcm1hdGlvbiBhbmQNCnNpZ24tdXAgYXQ6IDwvZm9udD4NCjxicj48Zm9udCBzaXplPTIg
ZmFjZT0ic2Fucy1zZXJpZiI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7d3d3Lnplcm9kYXlpbml0
aWF0aXZlLmNvbQ0KPC9mb250Pg0KPGJyPg0KPGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5zLXNl
cmlmIj5UaGUgWkRJIGlzIHVuaXF1ZSBpbiBob3cgdGhlIGFjcXVpcmVkDQp2dWxuZXJhYmlsaXR5
IGluZm9ybWF0aW9uIGlzIHVzZWQuIDNDb20gZG9lcyBub3QgcmUtc2VsbCB0aGUgdnVsbmVyYWJp
bGl0eQ0KZGV0YWlscyBvciBhbnkgZXhwbG9pdCBjb2RlLiBJbnN0ZWFkLCB1cG9uIG5vdGlmeWlu
ZyB0aGUgYWZmZWN0ZWQgcHJvZHVjdA0KdmVuZG9yLCAzQ29tIHByb3ZpZGVzIGl0cyBjdXN0b21l
cnMgd2l0aCB6ZXJvIGRheSBwcm90ZWN0aW9uIHRocm91Z2ggaXRzDQppbnRydXNpb24gcHJldmVu
dGlvbiB0ZWNobm9sb2d5LiBFeHBsaWNpdCBkZXRhaWxzIHJlZ2FyZGluZyB0aGUgc3BlY2lmaWNz
DQpvZiB0aGUgdnVsbmVyYWJpbGl0eSBhcmUgbm90IGV4cG9zZWQgdG8gYW55IHBhcnRpZXMgdW50
aWwgYW4gb2ZmaWNpYWwgdmVuZG9yDQpwYXRjaCBpcyBwdWJsaWNseSBhdmFpbGFibGUuIEZ1cnRo
ZXJtb3JlLCB3aXRoIHRoZSBhbHRydWlzdGljIGFpbSBvZiBoZWxwaW5nDQp0byBzZWN1cmUgYSBi
cm9hZGVyIHVzZXIgYmFzZSwgM0NvbSBwcm92aWRlcyB0aGlzIHZ1bG5lcmFiaWxpdHkgaW5mb3Jt
YXRpb24NCmNvbmZpZGVudGlhbGx5IHRvIHNlY3VyaXR5IHZlbmRvcnMgKGluY2x1ZGluZyBjb21w
ZXRpdG9ycykgd2hvIGhhdmUgYSB2dWxuZXJhYmlsaXR5DQpwcm90ZWN0aW9uIG9yIG1pdGlnYXRp
b24gcHJvZHVjdC4gPC9mb250Pg0K
--=_alternative 006348FA882570BD_=--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed