Intevydis published an advisory for a buffer overflow vulnerability in the LDAP server of Lotus Domino versions 7.x and 8.x. Exploiting the overflow crashes the server, resulting in a denial of service against Lotus Domino.
The Intevydis advisory can be accessed at the following link:
(Original publish date February 17, 2010. See "Change History" table below.)
IBM Lotus Domino buffer overflow vulnerability in LDAP server task.
If the LDAP server task is running on the Domino server, a specific malformed LDAP message submitted for processing causes a buffer overflow that crashes the server. Only servers on which the LDAP task is loaded are exposed; no authentication to the directory is described as a prerequisite.
Resolving the problem
This issue is being tracked under SPR# KLYH7ZPNC2. A fix will be included in Domino 7.0.4 Fix Pack 2, Domino 8.0.2 Fix Pack 5, Domino 8.5.1 Fix Pack 3 and Domino 8.5.2. Refer to the Notes/Domino Update Status page for approximate release dates.
|Security Rating using Common Vulnerability Scoring System (CVSS) v2||
|CVSS Base Score|5.4|
|---- Impact Subscore|6.9|
|---- Exploitability Subscore|4.9|
|CVSS Temporal Score|4.2|
|CVSS Environmental Score|Undefined*|
|Overall CVSS Score|4.2|
|Base Score Metrics:||
|Temporal Score Metrics:||
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
|Change History||
|27 May 2010|Added fixed in 8.5.1 Fix Pack 3.|
|20 April 2010|Updated fixed-in versions.|
|17 February 2010|First published.|