Novell NetMail IMAP Agent存在拒绝服务攻击漏洞

发布时间：2002-07-18
更新时间：2002-07-18
严重程度：中
威胁程度：远程拒绝服务
错误类型：边界检查错误
利用方式：服务器模式

BUGTRAQ ID：5232

受影响系统

Novell NetMail 3.0.3
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 95 SR2
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
   - RedHat Linux 7.3
   - Sun Solaris 2.5
   - Sun Solaris 2.6
   - Sun Solaris 7.0
   - Sun Solaris 8.0
   - Sun Solaris 9.0
Novell NetMail 3.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 95 SR2
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
   - RedHat Linux 7.3
   - Sun Solaris 2.5
   - Sun Solaris 2.6
   - Sun Solaris 7.0
   - Sun Solaris 8.0
   - Sun Solaris 9.0
Novell NetMail XE 3.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 95 SR2
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional

详细描述
Novell Netmail 3.1和3.0.3版本存在漏洞，IMAP(Internet Message Access Protocol)代理在接收部分畸形数据时存在拒绝服务攻击条件。

存在以ROOT权限执行任意代码的可能。

测试代码
无

解决方案
补丁下载：

Novell NetMail 3.0.3:

Novell Upgrade nims303a.zip
http://support.novell.com/servlet/tidfinder/2962974
Netmail (NIMS) 3.0.3A Update for NetWare

Novell Upgrade nims303a.tgz
http://support.novell.com/servlet/tidfinder/2962976
NetMail (NIMS) 3.0.3A Update for Linux

Novell Upgrade nims303a.tar.z
http://support.novell.com/servlet/tidfinder/2962977
NetMail (NIMS) 3.0.3A Update for Solaris

Novell NetMail 3.1:

Novell Upgrade ntml31a_w32.zip
http://support.novell.com/servlet/tidfinder/2962982
NetMail 3.1a Update for Windows

Novell Upgrade ntml31a.tgz
http://support.novell.com/servlet/tidfinder/2962980
NetMail 3.1a Update for Linux

Novell Upgrade ntml31a.tar.z
http://support.novell.com/servlet/tidfinder/2962981
NetMail 3.1a Update for Solaris

Novell Upgrade ntml31a_nw.zip
http://support.novell.com/servlet/tidfinder/2962978
NetMail 3.1a Update for NetWare

Novell NetMail XE 3.1:

Novell Upgrade ntmlxe31a.zip
http://support.novell.com/servlet/tidfinder/2962983
NetMail XE 3.1a Update

相关信息
Patrik Karlsson & Jonas L?ndin
参考：http://online.securityfocus.com/archive/1/282260
相关主页：http://www.novell.com/products/nims/index.html

最近严重漏洞

Novell NetMail IMAP Agent存在拒绝服务攻击漏洞