製品・ソフトウェアに関する情報

JVN脆弱性詳細

Novell eDirectory および Novell NetMail におけるスタックベースのバッファオーバーフローの脆弱性

Title	Novell eDirectory および Novell NetMail におけるスタックベースのバッファオーバーフローの脆弱性
Summary	Novell eDirectory および Novell NetMail には、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、以下を介して、任意のコードを実行される可能性があります。 (1) BuildRedirectURL 関数内でオーバーフローを誘発する過度に長い HTTP Host ヘッダ (2) SMTP サービス内の . (ドット) 文字を含むユーザ名 (3) POP サービス内の . (ドット) 文字を含むユーザ名 (4) IMAP サービス内の . (ドット) 文字を含むユーザ名 (5) HTTP サービス内の . (ドット) 文字を含むユーザ名 (6) Networked Messaging Application Protocol (NMAP) Netmail サービス
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 24, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

Novell

eDirectory 8.8.1 FTF1 未満の 8.8.x、8.x から 8.7.3.8、および 3.52e FTF2 未満の Novell NetMail

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5478	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5478
National Vulnerability Database (NVD)
2	CVE-2006-5478	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5478

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Novell
1	3723994	http://www.novell.com/support/kb/doc.php?id=3723994

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5478

Summary	Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
Summary	Múltiples desbordamientos de búfer basado en pila en Novell eDirectory 8.8.x anterior a 8.8.1 FTF1, y 8.x hasta 8.7.3.8, y Novell NetMail anterior a 3.52e FTF2, permite a atacantes remotos ejecutar código de su elección mediante (1) una cabecera HTTP Host larga, que provoca el desbordamiento en la función BuildRedirectURL; o vectores relacionados con un nombre de usuario que contiene un carácter . (punto) en los servicios Netmail (2) SMTP, (3) POP, (4) IMAP, (5) HTTP o (6) Networked Messaging Application Protocol (NMAP).
Publication Date	Oct. 25, 2006, 5:07 a.m.
Registration Date	Jan. 29, 2021, 3:48 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:novell:edirectory:8.0:::::::*
cpe:2.3:a:novell:edirectory:8.5:::::::*
cpe:2.3:a:novell:edirectory:8.5.12a:::::::*
cpe:2.3:a:novell:edirectory:8.5.27:::::::*
cpe:2.3:a:novell:edirectory:8.6.2:::::::*
cpe:2.3:a:novell:edirectory:8.7:::::::*
cpe:2.3:a:novell:edirectory:8.7.1:::::::*
cpe:2.3:a:novell:edirectory:8.7.1:sp1::::::
cpe:2.3:a:novell:edirectory:8.7.3:::::::*
cpe:2.3:a:novell:edirectory:8.7.3.8_presp9:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html	cve@mitre.org
2	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html	cve@mitre.org
3	http://secunia.com/advisories/22519	cve@mitre.org
4	http://securitytracker.com/id?1017125	cve@mitre.org
5	http://securitytracker.com/id?1017141	cve@mitre.org
6	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm	cve@mitre.org
7	http://www.mnin.org/advisories/2006_novell_httpstk.pdf	cve@mitre.org
8	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401	cve@mitre.org
9	http://www.securityfocus.com/archive/1/449899/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/archive/1/450017/100/0/threaded	cve@mitre.org
11	http://www.securityfocus.com/archive/1/450520/100/100/threaded	cve@mitre.org
12	http://www.securityfocus.com/bid/20655	cve@mitre.org
13	http://www.securityfocus.com/bid/20853	cve@mitre.org
14	http://www.vupen.com/english/advisories/2006/4141	cve@mitre.org
15	http://www.zerodayinitiative.com/advisories/ZDI-06-035.html	cve@mitre.org
16	http://www.zerodayinitiative.com/advisories/ZDI-06-036.html	cve@mitre.org
17	https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html	cve@mitre.org
18	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html	af854a3a-2127-422b-91ae-364da2661108
19	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html	af854a3a-2127-422b-91ae-364da2661108
20	http://secunia.com/advisories/22519	af854a3a-2127-422b-91ae-364da2661108
21	http://securitytracker.com/id?1017125	af854a3a-2127-422b-91ae-364da2661108
22	http://securitytracker.com/id?1017141	af854a3a-2127-422b-91ae-364da2661108
23	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm	af854a3a-2127-422b-91ae-364da2661108
24	http://www.mnin.org/advisories/2006_novell_httpstk.pdf	af854a3a-2127-422b-91ae-364da2661108
25	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401	af854a3a-2127-422b-91ae-364da2661108
26	http://www.securityfocus.com/archive/1/449899/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
27	http://www.securityfocus.com/archive/1/450017/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
28	http://www.securityfocus.com/archive/1/450520/100/100/threaded	af854a3a-2127-422b-91ae-364da2661108
29	http://www.securityfocus.com/bid/20655	af854a3a-2127-422b-91ae-364da2661108
30	http://www.securityfocus.com/bid/20853	af854a3a-2127-422b-91ae-364da2661108
31	http://www.vupen.com/english/advisories/2006/4141	af854a3a-2127-422b-91ae-364da2661108
32	http://www.zerodayinitiative.com/advisories/ZDI-06-035.html	af854a3a-2127-422b-91ae-364da2661108
33	http://www.zerodayinitiative.com/advisories/ZDI-06-036.html	af854a3a-2127-422b-91ae-364da2661108
34	https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:novell:edirectory:8.0:::::::*
cpe:2.3:a:novell:edirectory:8.5:::::::*
cpe:2.3:a:novell:edirectory:8.5.12a:::::::*
cpe:2.3:a:novell:edirectory:8.5.27:::::::*
cpe:2.3:a:novell:edirectory:8.6.2:::::::*
cpe:2.3:a:novell:edirectory:8.7:::::::*
cpe:2.3:a:novell:edirectory:8.7.1:::::::*
cpe:2.3:a:novell:edirectory:8.7.1:sp1::::::
cpe:2.3:a:novell:edirectory:8.7.3:::::::*
cpe:2.3:a:novell:edirectory:8.7.3.8_presp9:::::::*