Vulnerability Note VU#863313

Novell NetMail IMAP vulnerable to buffer overflow when processing "SUBSCRIBE" commands

Original Release date: 17 Jan 2007 | Last revised: 31 Jan 2007


A vulnerability in the way Novell Netmail handles IMAP SUBSCRIBE commands may cause a buffer overflow that may allow remote execution of arbitrary code.


Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the SUBSCRIBE command. An attacker must login to an affected system in order to take advantage of this vulnerability.


A remote, authenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.



Novell has released an update to address this issue. See Novell document 3717068 for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Novell, Inc.Affected-15 Jan 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This issue is addressed in Novell document 3717068. Novell credits Dennis Rand of CIRT.DK working with iDEFENSE for reporting this issue.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2006-6761
  • Date Public: 23 Dec 2006
  • Date First Published: 17 Jan 2007
  • Date Last Updated: 31 Jan 2007
  • Severity Metric: 5.49
  • Document Revision: 10


If you have feedback, comments, or additional information about this vulnerability, please send us email.