Lotus Domino IMAP buffer overflow vulnerability

Technote (FAQ)


Question

VeriSign iDefense VCP contacted IBM® Lotus® to report a potential buffer overflow vulnerability with the Domino® IMAP server task.

The advisory can be accessed at the following link:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605



Cause

If the IMAP server task is enabled on a Domino server, and an attacker is able to telnet to the server, it is possible for an attacker to execute arbitrary code resulting in a buffer overflow denial of service.


In order for an attacker to successfully exploit this vulnerability, they must accomplish the following:

-- Lotus Domino server must be configured for IMAP
-- Attacker needs to establish a TCP session with IMAP Domino server on TCP port 143
-- Authenticate with valid credentials
-- Execute arbitrary code


Answer

This issue was reported to Quality Engineering as SPR# PRAD74LKW5, and has been fixed in Domino releases 6.5.6 Fix Pack 2 (FP2), 7.0.2 Fix Pack 3 (FP3), 7.0.3 and 8.0. Refer to the Upgrade Central site for details on upgrading Notes/Domino.



Workaround
Employ firewalls to limit access to Domino servers over IMAP. This will mitigate exposure to this vulnerability.


Security Rating using Common Vulnerability Scoring System (CVSS) version 2
CVSS Base Score: < 7.1 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 3.9 >
CVSS Temporal Score: < 5.6 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 5.6 >
Base Score Metrics:
  • Related exploit range/Attack Vector: < Network >
  • Access Complexity: < High >
  • Authentication < Single Instance >
  • Confidentiality Impact: < Complete >
  • Integrity Impact: < Complete >
  • Availability Impact: < Complete >
Temporal Score Metrics:
  • Exploitability: < Proof of Concept >
  • Remediation Level: < Official Fix >
  • Report Confidence: < Confirmed >
References:

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.


Rate this page:

(0 users)Average rating

Document information


More support for:

Lotus End of Support Products
Lotus Domino

Software version:

6.5, 7.0

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:

1270623

Modified date:

2008-01-08

Translate my page

Machine Translation

Content navigation