|Check Point Reference:||CPAI-2007-337|
|Date Published:||31 Dec 2007|
|Last Updated:||31 Dec 2010|
|Source:||Secunia Advisory: SA27321|
|Protection Provided by:|
|Who is Vulnerable?|| IBM Lotus Domino 6.x prior to 6.5.6 Fix Pack 2|
IBM Lotus Domino 7.x prior to 7.0.3
|Vulnerability Description||IBM Lotus Domino Server is a collaboration software that provides mail, messaging, calendaring and scheduling capabilities across multiple OS platforms. The product implements numerous services based on open standards, including SMTP, IMAP, and POP3. Lotus Notes is the client implementation of the Lotus office product which is specifically designed to interact with Lotus Domino Server; however, the Lotus Domino Server can communicate with other client products via the standard formats mentioned above.|
|Vulnerability Details||There exists a buffer overflow vulnerability in the way IBM Lotus Domino IMAP Server handles LSUB requests. The vulnerability is due to lack of boundary protection while processing the subscribed mailbox names. A remote authenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, normally System.|
In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, which is normally the System.
In an attack case where code injection is not successful, the affected server will terminate and all established connections will also be terminated.