Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
IBM Lotus Domino Multiple Remote Buffer Overflow Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running IBM Lotus Domino Server and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to, - Stack overflow in the SMTP service, which allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message. - Buffer overflow in nLDAP.exe, which allows remote attackers to execute arbitrary code via an LDAP Bind operation. - Stack overflow in the NRouter service, which allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages. - Multiple stack overflows in the POP3 and IMAP services, which allows remote attackers to execute arbitrary code via non-printable characters in an envelope sender address. - The Remote Console, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors.
Affected Software
Affected Software
IBM Lotus Domino versions 8.5.3 prior
Solution
Solution
Upgrade to version 8.5.2 FP3 or 8.5.3 or later.
Common Vulnerabilities and Exposures (CVE)
References
- http://secunia.com/advisories/43247
- http://secunia.com/advisories/43224
- http://zerodayinitiative.com/advisories/ZDI-11-045/
- http://zerodayinitiative.com/advisories/ZDI-11-049/
- http://zerodayinitiative.com/advisories/ZDI-11-047/
- http://zerodayinitiative.com/advisories/ZDI-11-046/
- http://www-01.ibm.com/support/docview.wss?uid=swg21461514
- http://www.protekresearchlab.com/index.php?option=com_content&view=art
- http://www-01.ibm.com/software/lotus/products/domino