Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

IBM Lotus Domino Multiple Remote Buffer Overflow Vulnerabilities

Information

Severity

Severity

Critical

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

4 years ago

Summary

The host is running IBM Lotus Domino Server and is prone to multiple vulnerabilities.

Insight

Insight

Multiple flaws are due to, - Stack overflow in the SMTP service, which allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message. - Buffer overflow in nLDAP.exe, which allows remote attackers to execute arbitrary code via an LDAP Bind operation. - Stack overflow in the NRouter service, which allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages. - Multiple stack overflows in the POP3 and IMAP services, which allows remote attackers to execute arbitrary code via non-printable characters in an envelope sender address. - The Remote Console, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors.

Affected Software

Affected Software

IBM Lotus Domino versions 8.5.3 prior

Solution

Solution

Upgrade to version 8.5.2 FP3 or 8.5.3 or later.

Common Vulnerabilities and Exposures (CVE)