VID 18105
Severity 40
Port 143
Protocol TCP
Class IMAP
Detailed Description According to its banner, the IMAP server of IBM Lotus Domino is affected by a buffer overflow vulnerability triggered by a long username. The IMAP server (nimap.exe) in IBM Lotus Domino versions prior to 6.5.6 and versions 7.x prior to 7.0.2 FP1 is vulnerable to a buffer overflow caused by improper bounds checking in the CRAM-MD5 authentication mechanism. By sending a specially crafted telnet request containing a username longer than 256 bytes, an unauthenticated remote attacker could execute arbitrary code on the host or cause the affected server to crash.

* Note: This check relies solely on the banner of the remote IMAP server to assess this vulnerability, so the result may be a false positive.

* References:
http://www-1.ibm.com/support/docview.wss?uid=swg21257028
http://www.zerodayinitiative.com/advisories/ZDI-07-011.html
http://archives.neohapsis.com/archives/bugtraq/2007-03/0370.html
http://www.frsirt.com/english/advisories/2007/1133
http://www.securitytracker.com/id?1017823
http://secunia.com/advisories/24633

* Platforms Affected:
IBM/Lotus Software Group, Lotus Domino Server versions prior to 6.5.6
IBM/Lotus Software Group, Lotus Domino Server versions 7.x prior to 7.0.2 FP1
Any operating system, any version
Recommendation Upgrade to the latest version of Lotus Domino (6.5.6 / 7.0.2 Fix Pack 1 or later), available from the IBM Technote (FAQ) 1257028 at http://www-1.ibm.com/support/docview.wss?uid=swg21257028
Related URL CVE-2007-1675 (CVE)
Related URL 23172 (SecurityFocus)
Related URL 33276 (ISS)