IBM Lotus Domino IMAP Service Mailbox Name Overflow

high Nessus Plugin ID 27535

Synopsis

The remote IMAP server is affected by a buffer overflow vulnerability.

Description

The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to properly validate the mailbox name before copying it into a fixed-size stack buffer as part of handling certain unspecified commands. Using a specially crafted mailbox name to which they are subscribed, an authenticated attacker can leverage this issue to execute arbitrary code remotely.

Note that successful exploitation typically results in SYSTEM-level access under Windows and non-root access on Unix-like systems.

Solution

Upgrade to Domino 6.5.6 Fix Pack 2 / 7.0.2 Fix Pack 3 / 7.0.3 / 8.0 or later.

See Also

http://www.nessus.org/u?2363e0e5

https://www.securityfocus.com/archive/1/482739/30/0/threaded

https://www-01.ibm.com/support/docview.wss?uid=swg21270623

Plugin Details

Severity: High

ID: 27535

File Name: domino_imap_overflow.nasl

Version: 1.18

Type: remote

Published: 10/24/2007

Updated: 4/7/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3510

BID: 26176

CWE: 119