Juniper Networks

Signature Detail


Short Name

IMAP:OVERFLOW:DOMINO-IMAP

Severity

Critical

Recommended

No

Recommended Action

Drop

Category

IMAP

Keywords

IBM Lotus Domino IMAP Server Buffer Overflow

Release Date

2010/10/20

Update Number

1795

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

IMAP: IBM Lotus Domino IMAP Server Buffer Overflow


This signature detects attempts to exploit a known buffer overflow vulnerability in the way IBM Lotus Domino IMAP Server handles LSUB requests. The flaw is due to a lack of boundary protection while processing the subscribed mailbox names. A remote authenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target depends entirely on the intended function of the injected code, which executes within the security context of the affected service. In an unsuccessful attack, the affected server terminates and all established connections are also terminated.

Extended Description

IBM Lotus Domino Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. An exploit is available for Lotus Domino Server running on Windows platforms. It is not known if other platforms are affected. This issue may be related to the IMAP buffer-overflow vulnerability described in BID 26176.

Affected Products

  • IBM Lotus Domino 7.0.2 FP1

References

  • BugTraq: 26219
  • CVE: CVE-2007-3510

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.