Lotus Domino IMAP CRAM-MD5 authentication buffer overflow

2007-04-23T00:00:00
ID SAINT:B336C4523CCBCD8DA7B442B13EBFDC74
Type saint
Reporter SAINT Corporation
Modified 2007-04-23T00:00:00

Description

Added: 04/23/2007
CVE: CVE-2007-1675
BID: 23172
OSVDB: 34091

Background

IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.

Problem

A buffer overflow vulnerability in the CRAM-MD5 authentication function in the Lotus Domino IMAP service allows remote attackers to execute arbitrary commands by sending a long, specially crafted username.
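
The kind of length check whose absence leads to this class of overflow, as an added example that is not from the original advisory, SAINT or IBM: a bounded parser for the base64-decoded CRAM-MD5 client response, which RFC 2195 defines as the username, a space, and a 32-hex-digit digest. The function name, status codes and the 64-byte username limit are assumptions for illustration, not details of Domino's code.

```c
#include <stddef.h>
#include <string.h>

#define CRAM_DIGEST_HEX_LEN 32   /* HMAC-MD5 digest as 32 hex digits (RFC 2195) */
#define CRAM_USER_MAX       64   /* assumed policy limit, not a Domino value */

enum cram_status { CRAM_OK = 0, CRAM_MALFORMED = -1, CRAM_USER_TOO_LONG = -2 };

static int is_lower_hex(char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f');
}

/*
 * Split a base64-decoded CRAM-MD5 response, "username SP digest", into its
 * two fields. `resp` need not be NUL-terminated; `len` is its exact length.
 * `user` must hold CRAM_USER_MAX + 1 bytes, `digest` CRAM_DIGEST_HEX_LEN + 1.
 * Every length is validated before any byte is copied.
 */
enum cram_status cram_md5_split(const char *resp, size_t len,
                                char *user, char *digest)
{
    /* Shortest valid response: 1-byte username + space + 32 hex digits. */
    if (resp == NULL || len < 1 + 1 + CRAM_DIGEST_HEX_LEN)
        return CRAM_MALFORMED;

    size_t user_len = len - 1 - CRAM_DIGEST_HEX_LEN;
    const char *dig = resp + user_len + 1;

    /* The digest is the fixed-length tail; the separator precedes it. */
    if (resp[user_len] != ' ')
        return CRAM_MALFORMED;
    for (size_t i = 0; i < CRAM_DIGEST_HEX_LEN; i++)
        if (!is_lower_hex(dig[i]))
            return CRAM_MALFORMED;

    /* Reject oversized usernames instead of truncating or overflowing. */
    if (user_len > CRAM_USER_MAX)
        return CRAM_USER_TOO_LONG;
    /* An embedded NUL would make later string handling see a shorter name. */
    if (memchr(resp, '\0', user_len) != NULL)
        return CRAM_MALFORMED;

    memcpy(user, resp, user_len);
    user[user_len] = '\0';
    memcpy(digest, dig, CRAM_DIGEST_HEX_LEN);
    digest[CRAM_DIGEST_HEX_LEN] = '\0';
    return CRAM_OK;
}
```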

Resolution

Upgrade to Lotus Domino 6.5.6 or 7.0.2 Fix Pack 1 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-011.html>
<http://www-1.ibm.com/support/docview.wss?uid=swg21257028>

Limitations

Exploit works on IBM Lotus Domino IMAP Server 6.5.4 on Windows Server 2003 SP0. There may be a delay of approximately one minute before the exploit succeeds.

Platforms

Windows