__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN NetMail 3.52E Update [Novell Document] March 8, 2007 22:00 GMT Number R-173 ______________________________________________________________________________ PROBLEM: A buffer overflow vulnerability exists in Novell NetMail. PLATFORM: NetMail 3.52d DAMAGE: May allow an attacker to execute arbitrary code. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is LOW. May allow an attacker to execute arbitrary ASSESSMENT: code. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-173.shtml ORIGINAL BULLETIN: http://download.novell.com/Download?buildid=sMYRODW09pw CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2007-1350 ______________________________________________________________________________ [***** Start Novell Document *****] NetMail 3.52E Update Patch Distribution Type: Public Name Size license_agreement.txt 2.1 KB (2252) netmail352e_lin.tgz 16.6 MB (17417212) netmail352e_nw.zip 14.4 MB (15158134) netmail352e_win.zip 14.5 MB (15236335) readme.pdf 493.1 KB (504998) readme_5002780.html 7.5 KB (7753) Related Product(s) Patch Status for Product Superceded By NetMail 3.5.2 Active platformsWindows 2000 Server/2003/2003 Server Standard Edition, SUSE LINUX Enterprise Server 10/9, NetWare 6.5 localizationsEnglish how to use a download manager Readme TID# 5002780 Revision: 1 Created: 2007-02-01 12:12:06 Distribution: Public Details: Overview: NetMail 3.52e is a free update for NetMail 3.52. It contains fixes for software defects and configuration problems. This is a cumulative patch containing all the fixes in previous patches including NetMail 3.52e FTF 1 and FTF 2. You do not need to install any other NetMail 3.52 patch before installing NetMail 3.52e. Installation: Please refer to the included readme.pdf for platform specific installation instructions. Known Problems and Limitations: The webadmin binary distributed with this patch is incompatible with the old Nsure Audit webadmin plug-in. Please use the administration tool recommended by Nsure Audit to administer Nsure Audit. This webadmin binary is only intended to be used with NetMail plug-ins. Security Fixes: Fixed buffer overruns. These include issues identified in the following security alerts: ZDI-CAN-133 ZDI-CAN-085 ZDI-CAN-086 ZDI-CAN-082 IDEF1651, IDEF1792 ZDI-CAN-076 Change Log: Changes since 3.52D 1. Fixed buffer overruns. These include issues identified in the following security alerts: ZDI-CAN-133, ZDI-CAN-085, ZDI-CAN-086, ZDI-CAN-082, IDEF1651, IDEF1792 Affected Binaries: nmapd, imapd, webadmin 2. Fixed buffer overruns in Windows version. See ZDI-CAN-076. 3. Fixed page fault by updating the openssl libraries from version 0.9.6 to 0.9.8. Affected Binaries: imapd, pop3d, modwebd, smtpd 4. Fixed issue where attendee status information may not be updated in the organizers calendar. Affected Binaries: mwcal, cal 5. Fixed issue where under high load conditions new messages received be inappropriately delayed for delivery. Affected Binaries: nmapd 6. Fixed page faults Affected Binaries: imapd, modwebd 7. Fixed CleanQ to have better performance and to better recover from errors. Affected Platforms: Linux 8. Fix issue that could cause random errors during IP reads. Affected Platforms: Linux 9. Added log events for tracking activity of the proxy agent. Affected Binaries: msgproxy 10. Added additional log events for tracking messages in the queue. Affected Binaries: nmapd 11. Fixed syntax error in the Nsure Audit schema file (netmail.lsc) that prevented it from being imported. The Nsure Audit administration tool should be used it import this file. 12. Fix queue agents to use configured email address instead of userid@defaultdomain for the from field when creating new messages in behalf of a user. Affected Binaries: rulesrv, forward 13. Fixed issue that prevented newer versions of the Firefox browsers from uploading attachments. Affected Binaries: modwebd 14. Fixed issue that prevented some browsers from recognizing MIME types when when downloading attachments. Affected Binaries: modwebd 15. Reduce the chance of two messages being assigned the same UIDL, a condition that would confuse POP clients. Affected Binaries: nmapd 16. Disable Nagel's algorithm for store connections: Affected Binaries: nmapd File Contents Files Included Size Date netmail352e_lin.tgz 16.6 MB (17417212) 2007-01-03 16:26:06 netmail352e_nw.zip 14.4 MB (15158134) 2007-02-01 10:00:07 netmail352e_win.zip 14.5 MB (15236335) 2007-01-03 16:26:04 readme.pdf 493.1 KB (504998) 2007-01-03 15:33:06 readme_5002780.html N/A 2007-02-01 12:12:06 Superceded Patches File Product Patch Status nm352a_alias.exe NetMail 3.5.2 NetMail Post-352A Alias Agent for Windows Active nm352a_alias.zip NetMail 3.5.2 NetMail Post-352A Alias Agent for NetWare Active nm352a_alias.tgz NetMail 3.5.2 NetMail Post-352A Alias Agent for Linux Active nm352e_ftf1_lx.tgz NetMail 3.5.2 NetMail 3.52e FTF 1 for Linux Active nm352e_ftf1_nw.zip NetMail 3.5.2 NetMail 3.52e FTF 1 for NetWare Active nm352e_ftf1_win.zip NetMail 3.5.2 NetMail 3.52e FTF 1 for Windows Active nm352e_ftf2_nw.zip NetMail 3.5.2 NetMail 3.52e FTF 2 for NetWare Active nm352e_ftf2_win.zip NetMail 3.5.2 NetMail 3.52e FTF 2 for Windows Active nm352e_ftf2_lx.tgz NetMail 3.5.2 NetMail 3.52e FTF 2 for Linux Active [***** End Novell Document *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Novell for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) R-161: Stack Overflow in Third-Party ActiveX Controls R-162: Mozilla Firefox has a Memory Corruption R-163: Mozilla Crashes with Evidence of Memory Corruption R-165: Firefox Security Update R-166: Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability R-168: Vulnerability in Citrix Presentation Server Client for Windows R-169: EMC NetWorker Management Console Vulnerability R-170: Symantec Mail Security for SMTP Vulnerability R-171: Apple QuickTime 7.1.5 R-172: GnuPG Security Update