IMAP: IBM Lotus Domino IMAP Server Buffer Overflow
This signature detects attempts to exploist a known buffer overflow vulnerability in the way IBM Lotus Domino IMAP Server handles LSUB requests. It is due to lack of boundary protection while processing the subscribed mailbox names. A remote authenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code and execute within the security context of the affected service, which is normally the System. In an unsuccessful attack, the affected server terminates and all established connections are also terminated.
Extended Description
IBM Lotus Domino Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. An exploit is available for Lotus Domino Server running on Windows platforms. It is not known if other platforms are affected. This issue may be related to the IMAP buffer-overflow vulnerability described in BID 26176.
Affected Products
Ibm lotus_domino
Short Name
IMAP:OVERFLOW:DOMINO-IMAP
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
IMAP
Keywords
Buffer CVE-2007-3510 Domino IBM IMAP Lotus Overflow Server bid:26219
Release Date
10/20/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
srx-12.3
vmx-19.4
mx-12.3
mx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
Sigpack Version
3640
False Positive
Unknown
Vendors
Ibm
CVSS Score
9.0