IBM Lotus Domino IMAP4 LSUB Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 26219 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 27 2007 12:00AM |
| Updated: | Oct 29 2007 04:06PM |
| Credit: | Discovery is credited to Manuel Santamarina Suarez. |
| Vulnerable: | IBM Lotus Domino 7.0.2 FP1 |
| Not Vulnerable: | |
Discussion
IBM Lotus Domino Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
An exploit is available for Lotus Domino Server running on Windows platforms. It is not known if other platforms are affected.
This issue may be related to the IMAP buffer-overflow vulnerability described in BID 26176.
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].