IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 Authentication Remote Overflow

critical Nessus Plugin ID 24903

Synopsis

The remote IMAP server is affected by a buffer overflow vulnerability.

Description

The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to check the length of the supplied username in its CRAM-MD5 authentication mechanism before processing it. By supplying a username over 256 bytes, an unauthenticated, remote attacker can leverage this issue to crash the affected service and possibly execute arbitrary code remotely.
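The missing check described above, shown as a bounded parser. This is an added illustration, not Domino's code and not part of the Nessus plugin; the function name, status codes and the 256-byte limit (taken from the description, the real buffer size is not stated here) are assumptions, and the input is assumed to be the client response after base64 decoding, in the RFC 2195 form "username SP digest".

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define USER_MAX 256u        /* assumed limit, mirrors the figure in the description */
#define DIGEST_HEX_LEN 32u   /* HMAC-MD5 digest written as 32 hex digits (RFC 2195) */

enum cram_status { CRAM_OK = 0, CRAM_MALFORMED = -1, CRAM_USER_TOO_LONG = -2 };

/* Split a base64-decoded CRAM-MD5 response "<username> SP <32 hex digits>".
 * user must hold USER_MAX + 1 bytes, digest DIGEST_HEX_LEN + 1 bytes.
 * The digest is located from the end, so a username containing spaces is handled. */
static enum cram_status parse_cram_md5_response(const unsigned char *resp, size_t len,
                                                char *user, char *digest)
{
    if (len < DIGEST_HEX_LEN + 2u)            /* need >= 1 byte of username */
        return CRAM_MALFORMED;
    size_t user_len = len - DIGEST_HEX_LEN - 1u;
    if (resp[user_len] != ' ')
        return CRAM_MALFORMED;
    /* Length is validated against the destination before any copy happens. */
    if (user_len > USER_MAX)
        return CRAM_USER_TOO_LONG;
    for (size_t i = 0; i < user_len; i++)
        if (resp[i] == '\0' || resp[i] == '\r' || resp[i] == '\n') return CRAM_MALFORMED;
    for (size_t i = 0; i < DIGEST_HEX_LEN; i++)
        if (!isxdigit(resp[user_len + 1u + i])) return CRAM_MALFORMED;
    memcpy(user, resp, user_len);
    user[user_len] = '\0';
    memcpy(digest, resp + user_len + 1u, DIGEST_HEX_LEN);
    digest[DIGEST_HEX_LEN] = '\0';
    return CRAM_OK;
}

int main(void)
{
    /* Constructed sample: decoded response with a 5-byte username. */
    static const char sample[] = "alice 0123456789abcdef0123456789abcdef";
    char user[USER_MAX + 1u], digest[DIGEST_HEX_LEN + 1u];
    return parse_cram_md5_response((const unsigned char *)sample, sizeof sample - 1,
                                   user, digest) == CRAM_OK ? 0 : 1;
}
```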

Solution

Upgrade to Lotus Domino 6.5.6 / 7.0.2 Fix Pack 1 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-011/

https://seclists.org/bugtraq/2007/Mar/429

https://www-01.ibm.com/support/docview.wss?uid=swg21257028

Plugin Details

Severity: Critical

ID: 24903

File Name: domino_imap_crammd5_overflow.nasl

Version: 1.19

Type: remote

Published: 3/29/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/28/2007

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2007-1675

BID: 23172