OSVDB ID: 12234

Title: Novell NetMail Default NMAP Authentication Credential Failure Arbitrary Mail Access

Info

Disclosure

Dec 03, 2004

Discovery

Unknown

Dates

Exploit

Dec 03, 2004

Solution

Unknown

Description

Novell Netmail contains a flaw that may allow a malicious user to arbitrary access the mail store. The issue is triggered when the default NMAP authentication credential is set automatically and is not changed after installation has finished. It is possible that the flaw may allow an attacker to gain access to the mail store data with read/write permissions resulting in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.

Products

Novell, Inc.	NetMail	3.1
		3.5

References

Secunia Advisory ID: 13377
CVE ID: 2004-2298 (see also: NVD)
Other Advisory URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970344.htm
Vendor URL: http://www.novell.com

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/12234

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Novell, Inc.

NetMail

References

Credit