Lotus Domino IMAP Server < 6.5.6 / 7.0.2 FP1 CRAM-MD5 Authentication Overflow

high Nessus Network Monitor Plugin ID 3958

Synopsis

The remote IMAP server is affected by a buffer overflow vulnerability.

Description

The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to check the length of the supplied username in its CRAM-MD5 authentication mechanism before processing it. By supplying a username over 256 bytes, an unauthenticated remote attacker can leverage this issue to crash the affected service and possibly execute arbitrary code remotely.
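A passive check for the condition described above, as an added example that is not the plugin's own logic or IBM's code: it decodes a client's CRAM-MD5 response (per RFC 2195, the base64 of `username SP hex-digest`) and flags a username longer than the 256 bytes the description cites. The function name, verdict labels and sample lines are constructed for illustration.

```python
import base64
import binascii

MAX_USERNAME_BYTES = 256   # limit quoted in the description above
DIGEST_HEX_LEN = 32        # HMAC-MD5 digest rendered as hex (RFC 2195)
HEX = b"0123456789abcdefABCDEF"

def inspect_cram_md5_response(line: bytes) -> dict:
    """Classify the client line that answers a CRAM-MD5 challenge."""
    token = line.strip()
    if token == b"*":                      # client aborted the exchange
        return {"verdict": "cancelled", "username_len": 0}
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return {"verdict": "malformed", "username_len": 0}
    # Usernames may contain spaces, so the digest is whatever follows the last one.
    username, sep, digest = decoded.rpartition(b" ")
    if not sep:
        username, digest = decoded, b""
    digest_ok = len(digest) == DIGEST_HEX_LEN and all(c in HEX for c in digest)
    if len(username) > MAX_USERNAME_BYTES:
        verdict = "oversized-username"     # the condition this plugin describes
    elif not username or not digest_ok:
        verdict = "malformed"
    else:
        verdict = "ok"
    return {"verdict": verdict, "username_len": len(username)}

def _sample(username: bytes) -> bytes:
    """Build a constructed response line; the digest is a dummy value."""
    return base64.b64encode(username + b" " + b"0123456789abcdef" * 2) + b"\r\n"

# Constructed sample lines, not captured traffic.
SAMPLES = {
    "normal": _sample(b"jdoe"),
    "at-limit": _sample(b"u" * 256),
    "over-limit": _sample(b"u" * 257),
    "not-base64": b"!!not base64!!\r\n",
    "cancelled": b"*\r\n",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, inspect_cram_md5_response(line))
```

The length test runs before the digest check so that an oversized username is reported even when the rest of the response is malformed.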

Solution

Upgrade to version 6.5.6, 7.0.2 FP1 or higher.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-07-011.html

http://archives.neohapsis.com/archives/bugtraq/2007-03/0370.html

http://www-1.ibm.com/support/docview.wss?uid=swg21257028

Plugin Details

Severity: High

ID: 3958

Family: IMAP Servers

Published: 3/28/2007

Updated: 3/6/2019

Nessus ID: 24903

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2006-4843, CVE-2007-1675, CVE-2007-1739

BID: 23173, 23172