Info

Disclosure

Jul 08, 2005

Discovery

Unknown

Dates

Exploit

Jul 08, 2005

Solution

Unknown

Description

Novell NetMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application automatically processes HTML in an attachment without prompting the user to save or open it. This could allow a user to create a specially crafted html e-mail attachment that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 3.52D or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Novell, Inc.	Novell NetMail	3.52D
		3.52C1
		3.52B
		3.52A
		3.52
		3.10h
		3.10g
		3.10f
		3.10e
		3.10d
		3.10c
		3.10b
		3.10a
		3.10
		3.1f
		3.1
		3.0.3b
		3.0.3a
		3.0.3
		3.0.1

References

Security Tracker: 1014439
Bugtraq ID: 14171
SCIP VulDB ID: 1590
Secunia Advisory ID: 15962
CVE ID: 2005-2176 (see also: NVD)
VUPEN Advisory: ADV-2005-0994
Vendor Specific News/Changelog Entry: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm
Vendor URL: http://www.novell.com/products/netmail/
Keyword: TID2972340 TID2972433 TID2972438

Credit

Shalom Carmel - shalomvenera.com -

Direct URL: http://osvdb.org/17821

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Novell, Inc.

Novell NetMail

References

Credit