
Lotus Domino IMAP Server < 6.5.6 / 7.0.2 FP1 CRAM-MD5 Authentication Overflow



The remote IMAP server is affected by a buffer overflow vulnerability.


The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to check the length of the supplied username in its CRAM-MD5 authentication mechanism before processing it. By supplying a username over 256 bytes, an unauthenticated remote attacker can leverage this issue to crash the affected service and possibly execute arbitrary code remotely.


Upgrade to version 6.5.6, 7.0.2 FP1 or higher.
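
The description above comes down to a missing length check on the username field of the CRAM-MD5 response. The following is an added example, not code from IBM or from the original page, showing a parser for the base64-decoded response ("username SP digest", per RFC 2195) that validates lengths before copying anything. The function name, the status codes and the use of 256 bytes as the username limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CRAM_USER_MAX   256  /* assumption: limit taken from the 256-byte figure above */
#define CRAM_DIGEST_LEN 32   /* RFC 2195: HMAC-MD5 digest sent as 32 hex characters */

enum cram_status { CRAM_OK = 0, CRAM_MALFORMED, CRAM_USER_TOO_LONG, CRAM_BAD_DIGEST };

/* Hypothetical helper: parse a base64-decoded CRAM-MD5 client response.
 * resp need not be NUL-terminated. user must hold CRAM_USER_MAX + 1 bytes
 * and digest must hold CRAM_DIGEST_LEN + 1 bytes. */
enum cram_status cram_md5_parse(const unsigned char *resp, size_t len,
                                char *user, char *digest)
{
    size_t sp = len, i;

    if (resp == NULL || user == NULL || digest == NULL)
        return CRAM_MALFORMED;

    /* Split on the last space so usernames containing spaces survive. */
    for (i = len; i > 0; i--)
        if (resp[i - 1] == ' ') { sp = i - 1; break; }
    if (sp == len || sp == 0)
        return CRAM_MALFORMED;          /* no separator, or empty username */

    /* The check the advisory describes as missing: bound before any copy. */
    if (sp > CRAM_USER_MAX)
        return CRAM_USER_TOO_LONG;

    /* The digest must be exactly 32 hex characters. */
    if (len - sp - 1 != CRAM_DIGEST_LEN)
        return CRAM_BAD_DIGEST;
    for (i = sp + 1; i < len; i++)
        if (!isxdigit(resp[i]))
            return CRAM_BAD_DIGEST;

    if (memchr(resp, '\0', sp) != NULL)
        return CRAM_MALFORMED;          /* embedded NUL would truncate the name */

    memcpy(user, resp, sp);             /* sp <= CRAM_USER_MAX is guaranteed here */
    user[sp] = '\0';
    memcpy(digest, resp + sp + 1, CRAM_DIGEST_LEN);
    digest[CRAM_DIGEST_LEN] = '\0';
    return CRAM_OK;
}
```

Rejecting the oversized field with a distinct status also gives the server a specific event to log, which is useful for spotting probes against unpatched hosts.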