IBM Lotus Domino iCalendar Email Address ORGANIZER:mailto Header Remote Overflow

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote mail service is affected by a remote stack-based buffer
overflow vulnerability.

Description :

According to its self-reported version, the remote SMTP service is an
instance of IBM Lotus Domino that is affected by a remote
stack-based buffer overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to
execute arbitrary code in the context of the 'nrouter.exe' Lotus
Domino server process. Failed attacks will cause a denial of service.

Solution :

Upgrade to IBM Lotus Domino 8.0.2 FP5 / 8.5.1 FP2 / 8.5.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 53534

Bugtraq ID: 43219

CVE ID: CVE-2010-3407