<br><font size=2 face="sans-serif">ZDI-05-003 - Novell NetMail IMAPD Buffer
Overflows</font>
<br><font size=2 face="sans-serif">http://www.zerodayinitiative.com/advisories/ZDI-05-003.html</font>
<br><font size=2 face="sans-serif">November 18th, 2005</font>
<br>
<br><font size=2 face="sans-serif">CVE ID: CAN-2005-3314 </font>
<br>
<br><font size=2 face="sans-serif">Affected Vendor:</font>
<br><font size=2 face="sans-serif"> - Novell</font>
<br>
<br><font size=2 face="sans-serif">Affected Products:</font>
<br><font size=2 face="sans-serif"> - Novell Netmail 3.5.2 </font>
<br>
<br><font size=2 face="sans-serif">TippingPoint&trade; IPS Customer Protection:</font>
<br><font size=2 face="sans-serif">TippingPoint IPS customers have been
protected against this vulnerability since October 24th, 2005 by Digital
Vaccine protection filter ID 3868. For further product information on the
TippingPoint IPS: </font>
<br><font size=2 face="sans-serif"> www.tippingpoint.com</font>
<br><font size=2 face="sans-serif"> </font>
<br><font size=2 face="sans-serif">Vulnerability Details:</font>
<br><font size=2 face="sans-serif">This vulnerability allows remote attackers
to execute arbitrary code on vulnerable installations of Novell Netmail.
Authentication is required to exploit this vulnerability. </font>
<br>
<br><font size=2 face="sans-serif">This specific flaw exists within the
IMAP daemon. A lack of bounds checking during the parsing of long verb
arguments results in an exploitable stack-based overflow. </font>
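<br>
<br><font size=2 face="sans-serif">The missing control, shown as an added
example that is not Novell's code and not part of the original advisory:
a parser for one IMAP client line ("tag verb argument") that checks each
field's length before copying it into a fixed-size buffer. The buffer sizes,
type names and function names are assumptions made for illustration, and
IMAP literals and quoted strings are not handled. </font>

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for this illustration; the advisory gives no sizes. */
#define TAG_MAX  32
#define VERB_MAX 16
#define ARG_MAX  256

enum parse_status { PARSE_OK = 0, PARSE_MALFORMED, PARSE_TOO_LONG };

struct imap_cmd {            /* hypothetical structure, fixed-size fields */
    char tag[TAG_MAX];
    char verb[VERB_MAX];
    char arg[ARG_MAX];
};

/* Copy one token into dst, refusing it when it does not fit together with
 * its terminating NUL. With to_eol set, the token runs to the end of line. */
static enum parse_status take_token(const char **p, char *dst, size_t cap,
                                    int to_eol)
{
    const char *s = *p;
    size_t n = strcspn(s, to_eol ? "\r\n" : " \r\n");

    if (n == 0)
        return PARSE_MALFORMED;
    if (n >= cap)            /* bounds check before any byte is copied */
        return PARSE_TOO_LONG;
    memcpy(dst, s, n);
    dst[n] = '\0';
    s += n;
    if (*s == ' ')
        s++;                 /* step over the single separator */
    *p = s;
    return PARSE_OK;
}

/* Parse "<tag> <verb> [argument]"; a rejected line leaves no partial copy
 * of the oversized field in *out. */
enum parse_status parse_imap_line(const char *line, struct imap_cmd *out)
{
    enum parse_status st;

    memset(out, 0, sizeof *out);
    if ((st = take_token(&line, out->tag, sizeof out->tag, 0)) != PARSE_OK)
        return st;
    if ((st = take_token(&line, out->verb, sizeof out->verb, 0)) != PARSE_OK)
        return st;
    if (*line == '\0' || *line == '\r' || *line == '\n')
        return PARSE_OK;     /* verb without an argument, e.g. NOOP */
    return take_token(&line, out->arg, sizeof out->arg, 1);
}
```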
<br>
<br><font size=2 face="sans-serif">Vendor Response:</font>
<br><font size=2 face="sans-serif">"Novell has issued an update for
the vulnerability(ies) and the update is available at:" </font>
<br><font size=2 face="sans-serif"> support.novell.com/filefinder/19357/beta.html
</font>
<br>
<br><font size=2 face="sans-serif">Disclosure Timeline:</font>
<br><font size=2 face="sans-serif">2005.10.24 – Vulnerability reported
to vendor</font>
<br><font size=2 face="sans-serif">2005.10.24 – Digital Vaccine released
to TippingPoint customers</font>
<br><font size=2 face="sans-serif">2005.11.17 – Vulnerability information
provided to ZDI security partners</font>
<br><font size=2 face="sans-serif">2005.11.18 – Coordinated public release
of advisory</font>
<br>
<br><font size=2 face="sans-serif">Credit:</font>
<br><font size=2 face="sans-serif">This vulnerability was discovered by
Sebastian Apelt. </font>
<br>
<br><font size=2 face="sans-serif">About the Zero Day Initiative (ZDI):</font>
<br><font size=2 face="sans-serif">Established by TippingPoint, a division
of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model
for rewarding security researchers for responsibly disclosing discovered
vulnerabilities. </font>
<br>
<br><font size=2 face="sans-serif">Researchers interested in getting paid
for their security research through the ZDI can find more information and
sign up at: </font>
<br><font size=2 face="sans-serif"> www.zerodayinitiative.com
</font>
<br>
<br><font size=2 face="sans-serif">The ZDI is unique in how the acquired
vulnerability information is used. 3Com does not re-sell the vulnerability
details or any exploit code. Instead, upon notifying the affected product
vendor, 3Com provides its customers with zero day protection through its
intrusion prevention technology. Explicit details regarding the specifics
of the vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of helping
to secure a broader user base, 3Com provides this vulnerability information
confidentially to security vendors (including competitors) who have a vulnerability
protection or mitigation product. </font>