CVE-2006-5478
CVE-2006-5478
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
Affected products
n/a · n/apublic PoCs found — 4
exploitdbwww.exploit-db.com/exploits/28835unverifiedexploitdbwww.exploit-db.com/exploits/28836unverifiedexploitdbwww.exploit-db.com/exploits/28837unverifiedexploitdbwww.exploit-db.com/exploits/16773unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.htmlhttp://secunia.com/advisories/22519http://securitytracker.com/id?1017125http://securitytracker.com/id?1017141https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.htmlhttp://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htmhttp://www.mnin.org/advisories/2006_novell_httpstk.pdfhttp://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401http://www.securityfocus.com/archive/1/449899/100/0/threadedhttp://www.securityfocus.com/archive/1/450017/100/0/threadedhttp://www.securityfocus.com/archive/1/450520/100/100/threaded