IBM Support

IBM Lotus Domino LDAP buffer overflow vulnerability advisory

Technote (troubleshooting)


Intevydis published a buffer overflow vulnerability advisory for the Lotus Domino LDAP Server versions 7.x and 8.x. The buffer overflow results in a denial of service on Lotus Domino.


IBM Lotus Domino buffer overflow vulnerability in LDAP server task.


If the LDAP server task is running on the Domino server and a specific malformed LDAP message is submitted for processing, it causes a buffer overflow resulting in a server crash.

Resolving the problem

This issue is being tracked under SPR# KLYH7ZPNC2. A fix will be included in Domino 7.0.4 Fix Pack 2, Domino 8.0.2 Fix Pack 5, Domino 8.5.1 Fix Pack 3 and Domino 8.5.2. Refer to the Notes/Domino Update Status page for approximate release dates.

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 5.4
---- Impact Subscore: 6.9
---- Exploitability Subscore: 4.9
CVSS Temporal Score: 4.2
CVSS Environmental Score: Undefined*
Overall CVSS Score: 4.2
Base Score Metrics:
  • Related exploit range/Attack Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Proof of Concept Code
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
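
The base, subscore and temporal values above can be re-derived from the listed metrics with the CVSS v2 equations. The following is an added example, not part of IBM's advisory: the weights and formulas are those of the CVSS v2 specification, and the function and dictionary names are illustrative.

```python
# Added example: CVSS v2 base and temporal equations applied to the
# metric values listed in this advisory. Names are illustrative.

# Metric weights from the CVSS v2 specification.
ACCESS_VECTOR = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
IMPACT = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
EXPLOITABILITY = {"Unproven": 0.85, "Proof of Concept Code": 0.9,
                  "Functional": 0.95, "High": 1.0, "Not Defined": 1.0}
REMEDIATION = {"Official Fix": 0.87, "Temporary Fix": 0.90,
               "Workaround": 0.95, "Unavailable": 1.0, "Not Defined": 1.0}
CONFIDENCE = {"Unconfirmed": 0.90, "Uncorroborated": 0.95,
              "Confirmed": 1.0, "Not Defined": 1.0}


def base_scores(av, ac, au, c, i, a):
    """Return (base, impact subscore, exploitability subscore)."""
    impact = 10.41 * (1 - (1 - IMPACT[c]) * (1 - IMPACT[i]) * (1 - IMPACT[a]))
    exploitability = (20 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac]
                      * AUTHENTICATION[au])
    # f(Impact) zeroes the base score when there is no impact at all.
    f_impact = 0.0 if impact == 0 else 1.176
    base = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return round(base, 1), round(impact, 1), round(exploitability, 1)


def temporal_score(base, e, rl, rc):
    """Temporal score is computed from the already-rounded base score."""
    return round(base * EXPLOITABILITY[e] * REMEDIATION[rl] * CONFIDENCE[rc], 1)


def advisory_scores():
    """Recompute the scores from the metrics published in this advisory."""
    base, impact, exploitability = base_scores(
        av="Network", ac="High", au="None",
        c="None", i="None", a="Complete")
    temporal = temporal_score(base, e="Proof of Concept Code",
                              rl="Official Fix", rc="Confirmed")
    return {"base": base, "impact": impact,
            "exploitability": exploitability, "temporal": temporal}


if __name__ == "__main__":
    for name, value in advisory_scores().items():
        print(f"{name}: {value}")
```

With the Environmental Score undefined, the Overall CVSS Score equals the temporal score.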

Change History
27 May 2010 Added fixed in 8.5.1 Fix Pack 3.
20 April 2010 Updated fixed in versions.
17 February 2010 First published.

Document information

More support for: IBM Domino

Software version: 7.0, 8.0, 8.5

Operating system(s): AIX, IBM i, Linux, Solaris, Windows

Reference #: 1420749

Modified date: 27 May 2010
