SB2017041501 - Remote code execution in IMAP server in IBM Lotus Domino

Description

This security bulletin contains information about 1 security vulnerability.

1) Stack-based buffer overflow (CVE-ID: CVE-2017-1274)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing mailbox names in the EXAMINE IMAP command. A remote authenticated attacker can send an EXAMINE IMAP command containing an overly long mailbox name, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability has been exploited in the wild and was disclosed by the Shadow Brokers leak.

The list of affected products, according to software vendor:

• IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
• IBM Domino 9.0 through 9.0 Interim Fix 7
• IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
• IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
• IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Remediation

Install update from vendor's website.

References

• https://www.kb.cert.org/vuls/id/676632
• http://www-01.ibm.com/support/docview.wss?uid=swg22002280&myns=swglotus&mynp=OCSSKTMJ&my...