Security Alert (A17-04-08): Vulnerability in IBM Domino


 

Published on: 21 April 2017

  
  

Description:

IBM has issued a security bulletin to address a stack-based buffer overflow vulnerability in IMAP service. A remote and authenticated attacker could exploit the vulnerability by sending a specially-crafted IMAP command that references a mailbox name to an affected system. 

Reports indicate that there is public exploit code available.

Affected Systems:

  • IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
  • IBM Domino 9.0 through 9.0 Interim Fix 7
  • IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
  • IBM Domino 8.5.2 through 8.5.2 Fix Pack 4 
  • IBM Domino 8.5.1 through 8.5.1 Fix Pack 5 

 

Impact:

Successful exploitation could lead to arbitrary code execution.

 

Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URLs:

  • IBM Domino 9.0.1 Fix Pack 8 Interim Fix 2  
    http://www.ibm.com/support/docview.wss?uid=swg21657963

  • IBM Domino 8.5.3 Fix Pack 6 Interim Fix 17
    http://www.ibm.com/support/docview.wss?uid=swg21663874

 

More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg22002280
https://www.kb.cert.org/vuls/id/676632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1274



Tag: Domino , IBM
Tags