IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.
A buffer overflow vulnerability in the CRAM-MD5 authentication function in the Lotus Domino IMAP service allows remote attackers to execute arbitrary commands by sending a long, specially crafted username.
Upgrade to Lotus Domino 6.5.6 or 7.0.2 Fix Pack 1 or higher.
The exploit works on IBM Lotus Domino IMAP Server 6.5.4 on Windows Server 2003 SP0. There may be a delay of approximately one minute before the exploit succeeds.
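A detection-side check for the long-username condition described above, added here as an example and not part of the original advisory: it decodes the client's CRAM-MD5 response (base64 of "username SP hex-digest", per RFC 2195) from an IMAP session and flags usernames above a length limit. The 64-byte limit, the function names and the sample session are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed policy limit for this example; the advisory gives no length.
MAX_USERNAME_LEN = 64
HEX_DIGEST = re.compile(rb"^[0-9a-f]{32}$")  # HMAC-MD5 hex digest (RFC 2195)
AUTH_CMD = re.compile(rb"^\S+ AUTHENTICATE CRAM-MD5\s*$", re.I)

def inspect_cram_md5_response(line, max_len=MAX_USERNAME_LEN):
    """Return (verdict, n); n is the username length, or the payload length if unparsed."""
    try:
        decoded = base64.b64decode(line.strip(), validate=True)
    except (binascii.Error, ValueError):
        return ("malformed", 0)
    # The username may contain spaces, so split on the last one.
    user, sep, digest = decoded.rpartition(b" ")
    if not sep or not HEX_DIGEST.match(digest):
        # No digest shape: still flag payloads longer than limit + SP + digest.
        big = len(decoded) > max_len + 33
        return ("oversized-username" if big else "malformed", len(decoded))
    return ("oversized-username" if len(user) > max_len else "ok", len(user))

def scan_session(lines, max_len=MAX_USERNAME_LEN):
    """lines: (direction, bytes) pairs; direction is 'C' (client) or 'S' (server)."""
    findings, state = [], "idle"
    for direction, data in lines:
        if direction == "C" and state == "idle" and AUTH_CMD.match(data):
            state = "await-challenge"
        elif direction == "S" and state == "await-challenge":
            state = "await-response" if data.startswith(b"+ ") else "idle"
        elif direction == "C" and state == "await-response":
            verdict, n = inspect_cram_md5_response(data, max_len)
            if verdict != "ok":
                findings.append((verdict, n))
            state = "idle"
    return findings

def make_response(user):
    # Constructed client response with a dummy all-zero digest.
    return base64.b64encode(user + b" " + b"0" * 32)

# Constructed sample session, not captured traffic.
CHALLENGE = b"+ " + base64.b64encode(b"<1234@example>") + b"\r\n"
SAMPLE = [
    ("C", b"a1 AUTHENTICATE CRAM-MD5\r\n"), ("S", CHALLENGE),
    ("C", make_response(b"alice") + b"\r\n"),
    ("C", b"a2 AUTHENTICATE CRAM-MD5\r\n"), ("S", CHALLENGE),
    ("C", make_response(b"A" * 300) + b"\r\n"),
]
print(scan_session(SAMPLE))
```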