Check Point Advisories

Update Protection against IBM Lotus Domino LDAP Heap Overflow Vulnerability

Check Point Reference: CPAI-2007-082
Date Published: 1 Sep 2007
Severity: Critical
Last Updated: Monday 01 January, 2007
Source: Secunia Advisory: SA24633
Industry Reference:CVE-2007-1739
Protection Provided by:
Who is Vulnerable? IBM Lotus Domino 6.x prior to 6.5.6
IBM Lotus Domino 7.x prior to 7.0.2 FP1
Vulnerability Description A buffer overflow vulnerability exists in IBM Lotus Domino server. IBM Lotus Domino Server is a software that provides mail, messaging, calendaring for multiple platforms. The flaw is within the IBM Lotus Domino LDAP service. Lightweight Directory Access Protocol (LDAP) is Internet standard protocol designed for querying and modifying directory services. The vulnerability could be exploited by remote attackers to crash the service or execute arbitrary code via a specially crafted LDAP request sent to an affected server.
Update/Patch AvaliableUpgrade your product to version 6.5.6 or 7.0.2 (Fix Pack 1):
http://www14.software.ibm.com/webapp/download/support.jsp
Vulnerability DetailsThe flaw is due to a boundary error within the IBM Lotus Domino LDAP service that fails to properly handle specially crafted LDAP requests. A Remote attacker can exploit this issue via a specially crafted LDAP request that contains an overly long DN (Distinguished Name) sent to a vulnerable server. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected server.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK