IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
BID:26176
Info
IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
| Bugtraq ID: | 26176 |
| Class: | Unknown |
| CVE: |
CVE-2007-3510 CVE-2007-5700 CVE-2007-5701 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 23 2007 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | VeriSign iDefense VCP, Michael Gollmick and an unknown IBM customer are credited with discovery of these vulnerabilities. |
| Vulnerable: |
IBM Lotus Notes 6.5.6 FP2 IBM Lotus Domino 7.0.3 IBM Lotus Domino 7.0.2 FP2 IBM Lotus Domino 7.0.2 FP1 IBM Lotus Domino 7.0.2 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5.6 IBM Lotus Domino 6.5.5 FP3 IBM Lotus Domino 6.5.5 FP2 IBM Lotus Domino 6.5.5 FP1 IBM Lotus Domino 6.5.5 IBM Lotus Domino 8.0 |
| Not Vulnerable: | |
Discussion
IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
IBM Lotus Domino is prone to multiple information-disclosure vulnerabilities and a buffer-overflow vulnerability.
An attacker can exploit these issues to obtain sensitive information, execute arbitrary code with the SYSTEM-level privileges, and crash the affected application.
IBM Lotus Domino is prone to multiple information-disclosure vulnerabilities and a buffer-overflow vulnerability.
An attacker can exploit these issues to obtain sensitive information, execute arbitrary code with the SYSTEM-level privileges, and crash the affected application.
Exploit / POC
IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
Some of theses issues do not require specific exploits.
Core Security Technologies has developed a working commercial exploit for its IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Some of theses issues do not require specific exploits.
Core Security Technologies has developed a working commercial exploit for its IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
Solution:
The vendor released updates to address these issues. Please see the references for more information.
Solution:
The vendor released updates to address these issues. Please see the references for more information.
References
IBM Lotus Domino Information Disclosure Vulnerabilities and Buffer Overflow Vulnerability
References:
References:
- Lotus Domino Product Homepage (IBM)
- [Full-disclosure] iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buf (iDefense Labs
- Evaluate LotusScript method returns unexpected results (IBM)
- IBM Lotus Domino IMAP Buffer Overflow Vulnerability (iDefense Labs)
- Lotus Domino IMAP buffer overflow vulnerability (IBM)
- Potential security issue with Domino Certificate Authority (CA) process commands (IBM)