Novell NetMail IMAP Agent Long Verb Arguments Remote Overflow

High Nessus Plugin ID 20318


The remote IMAP server is affected by a buffer overflow vulnerability.


The remote host is running Novell NetMail, a messaging and calendaring system for Windows, Linux, Unix, and NetWare.

The IMAP agent installed on the remote host as part of Novell NetMail is affected by a stack-based buffer overflow due to its improper handling of long arguments to selected IMAP commands while in an authenticated state. Successful exploitation of this issue may lead to the execution of arbitrary code on the remote host.


Upgrade to NetMail 3.52E FTF (Field Test File) 1 or later.

See Also

Plugin Details

Severity: High

ID: 20318

File Name: novell_netmail_imapd_long_args_overflows.nasl

Version: $Revision: 1.17 $

Type: remote

Published: 2005/12/16

Modified: 2014/03/12

Dependencies: 10125

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Excluded KB Items: imap/false_imap, imap/overflow

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2005/11/17

Vulnerability Publication Date: 2005/11/18

Exploitable With

Metasploit (Novell NetMail IMAP STATUS Buffer Overflow)

Reference Information

CVE: CVE-2005-3314

BID: 15491

OSVDB: 20956