信息提供：

漏洞类别：

攻击类型：

发布日期：

更新日期：

受影响系统：

安全系统：

Novell NetMail 3.0.3 b
- Microsoft Windows XP Professional
Novell NetMail 3.0.3 b
- Microsoft Windows XP Home
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP6a
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP6
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP5
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP4
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP3
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP2
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0 SP1
Novell NetMail 3.0.3 b
- Microsoft Windows NT 4.0
Novell NetMail 3.0.3 b
- Microsoft Windows 2000 SP3
Novell NetMail 3.0.3 b
- Microsoft Windows 2000 Server SP2
Novell NetMail 3.0.3 b
- Microsoft Windows 2000 Server SP1
Novell NetMail 3.0.3 b
- RedHat Linux 7.3
Novell NetMail 3.0.3 b
- Sun Solaris 9.0
Novell NetMail 3.0.3 b
- Sun Solaris 8.0
Novell NetMail 3.0.3 b
- Sun Solaris 7.0
Novell NetMail 3.0.3 b
- Sun Solaris 2.6
Novell NetMail 3.0.3 b
- Sun Solaris 2.5
Novell NetMail 3.1 b
- Microsoft Windows XP Professional
Novell NetMail 3.1 b
- Microsoft Windows XP Home
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP6a
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP6
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP5
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP4
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP3
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP2
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0 SP1
Novell NetMail 3.1 b
- Microsoft Windows NT 4.0
Novell NetMail 3.1 b
- Microsoft Windows 2000 SP3
Novell NetMail 3.1 b
- Microsoft Windows 2000 Server SP2
Novell NetMail 3.1 b
- Microsoft Windows 2000 Server SP1
Novell NetMail 3.1 b
- RedHat Linux 7.3
Novell NetMail 3.1 b
- Sun Solaris 9.0
Novell NetMail 3.1 b
- Sun Solaris 8.0
Novell NetMail 3.1 b
- Sun Solaris 7.0
Novell NetMail 3.1 b
- Sun Solaris 2.6
Novell NetMail 3.1 b
- Sun Solaris 2.5
Novell NetMail XE 3.1 b
- Microsoft Windows XP Professional
Novell NetMail XE 3.1 b
- Microsoft Windows XP Home
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP6a
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP6
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP5
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP4
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP3
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP2
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0 SP1
Novell NetMail XE 3.1 b
- Microsoft Windows NT 4.0
Novell NetMail XE 3.1 b
- Microsoft Windows 2000 SP3
Novell NetMail XE 3.1 b
- Microsoft Windows 2000 Server SP2
Novell NetMail XE 3.1 b
- Microsoft Windows 2000 Server SP1
Novell NetMail XE 3.1 b
- RedHat Linux 7.3

漏洞报告人：

漏洞描述：

BUGTRAQ  ID: 5232
CVE(CAN) ID: CVE-2002-0997
Novell NetMail是一款由Novell公司开发的邮件处理系统，包含IMAP(Internet 信息访问协议)代理。
Novell NetMail IMAP代理在处理畸形数据时存在漏洞，远程攻击者可以利用这个漏洞进行拒绝服务攻击。
Novell NetMail的IMAP代理在接收到畸形数据时，可导致服务崩溃，停止对正常通信的响应。没有更详细的技术细节。

测试方法：

无

解决方法：

临时解决方法：
如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：
* 暂时没有合适的临时解决方法。
厂商补丁：
Novell
------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
Novell NetMail 3.0.3:
Novell Upgrade nims303b.zip
http://support.novell.com/servlet/tidfinder/2963002
Novell NetMail 3.0.3b update for Windows.
Novell Upgrade nims303b.tar.z
http://support.novell.com/servlet/tidfinder/2963004
Novell NetMail 3.0.3b update for Solaris.
Novell APAR nims303b.tgz
http://support.novell.com/servlet/tidfinder/2963003
Novell NetMail 3.0.3b update for Linux.
Novell NetMail 3.1:
Novell Upgrade ntml31b_nw.zip
http://support.novell.com/servlet/tidfinder/2963005
Novell NetMail 3.1b update for NetWare.
Novell Upgrade ntml31b_w32.zip
http://support.novell.com/servlet/tidfinder/2963006
Novell NetMail 3.1b update for Windows.
Novell Upgrade ntml31b.tgz
http://support.novell.com/servlet/tidfinder/2963007
Novell NetMail 3.1b update for Linux.
Novell Upgrade ntml31b.tar.z
http://support.novell.com/servlet/tidfinder/2963008
Novell NetMail 3.1b update for Solaris.
Novell NetMail XE 3.1:
Novell Upgrade ntmlxe31b.zip
http://support.novell.com/servlet/tidfinder/2963009
Novell NetMail XE 3.1b update.