IBM Lotus Domino iCalendar Email Address ORGANIZER:mailto Header Remote Overflow

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote mail service is affected by a remote stack-based buffer
overflow vulnerability.

Description :

According to its self-reported version, the remote SMTP service is an
instance of IBM Lotus Domino that is affected by a remote
stack-based buffer overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to
execute arbitrary code in the context of the 'nrouter.exe' Lotus
Domino server process. Failed attacks will cause denial of service
conditions.

See also :

http://www.nessus.org/u?306e4571
http://www.nessus.org/u?7f176cb3
http://www.nessus.org/u?6fa36abe
http://www.nessus.org/u?b67c63ae
http://www.nessus.org/u?b1c391a1
http://www.nessus.org/u?cd9e7c99

Solution :

Upgrade to IBM Lotus Domino 8.0.2 FP5 / 8.5.1 FP2 / 8.5.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 53534

Bugtraq ID: 43219

CVE ID: CVE-2010-3407