Sid 1-1993


PROTOCOL-IMAP login literal buffer overflow attempt


Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.


CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL


CVSS base score 9.0

CVSS impact score 10.0

CVSS exploitability score 8.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2006-6424: Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

Affected systems

  • Novell NetMail 3.0.1
  • Novell NetMail 3.0.3a
  • Novell NetMail 3.1
  • Novell NetMail 3.5
  • Novell NetMail 3.5.2
  • Novell NetMail 3.10

Ease of attack


Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor-supplied patches.


  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information, see NVD.