Vulnerability Note VU#676632
IBM Lotus Domino server mailbox name stack buffer overflow
The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server
IBM Lotus Domino includes an IMAP server. This server contains a stack buffer overflow in the handling of mailbox names. By specifying a large mailbox name, an attacker can trigger a stack-based buffer overflow. Because IMAP commands that refer to a mailbox name are used after authentication, this vulnerability appears to only be exploitable by authenticated attackers. We have confirmed that this vulnerability affects Domino server 9.0.1FP8 and earlier versions. This exploit has been referred to by the "EMPHASISMINE" code name. Public exploit code uses the EXAMINE IMAP command, but other IMAP commands that refer to mailbox names may also be used.
Note that on Windows at least one library used by Domino does not opt in to using ASLR, which makes exploitation trivial even on modern Windows platforms. This vulnerability is also exploitable when Domino is running on other platforms, such as Linux.
By sending a specially-crafted IMAP command that references a mailbox name to an affected server, a remote, authenticated attacker can execute arbitrary code on the Domino system with the privileges of the Domino IMAP server.
Apply an update
Use the Microsoft Enhanced Mitigation Experience Toolkit
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM Corporation||Affected||17 Apr 2017||27 Apr 2017|
CVSS Metrics (Learn More)
This document was written by Will Dormann.
- CVE IDs: CVE-2017-1274
- Date Public: 14 Apr 2017
- Date First Published: 17 Apr 2017
- Date Last Updated: 27 Apr 2017
- Document Revision: 43
If you have feedback, comments, or additional information about this vulnerability, please send us email.