Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow

2010-09-24T00:00:00
ID SAINT:3332952375479DA1E19CECA121732641
Type saint
Reporter SAINT Corporation
Modified 2010-09-24T00:00:00

Description

Added: 09/24/2010
CVE: CVE-2010-3407
BID: 43219
OSVDB: 68040

Background

IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.

Problem

A buffer overflow in the nrouter.exe service allows remote attackers to execute arbitrary commands by sending an iCalendar message containing a long, specially crafted MAILTO header to an e-mail address on the server.

Resolution

Upgrade to Lotus Domino 8.0.2 Fix Pack 5, 8.5.1 Fix Pack 2, or 8.5.2 or higher.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg21446515>
<http://www.zerodayinitiative.com/advisories/ZDI-10-177/>

Limitations

Exploit works on Lotus Domino 8.5 and requires the e-mail address of a valid mailbox on the server.

Platforms

Windows