Vulnerability Note VU#927988

IBM Lotus Domino LDAP server DN message heap buffer overflow

Overview

The IBM Lotus Domino LDAP server is vulnerable to a heap buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.

I. Description

IBM Lotus Domino server software provides email, calendar, scheduling, and collaboration services. The LDAP component of Lotus Domino is vulnerable to a heap buffer overflow if it handles a DN (Distinguished Name) message with a string larger than 65535 bytes.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the LDAP server component or cause a denial of service.

III. Solution

Apply an update

This issue is addressed in Lotus Domino 7.0.2 Fix Pack 1 (FP1) and 6.5.6, as specified in IBM Technote 1257248.
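For servers that cannot be updated immediately, the 65535-byte condition in the Description can be checked on captured LDAP traffic. The following is an added example, not code from this note or from IBM: it assumes the DN travels as a BER OCTET STRING inside the LDAP message, flags any primitive element whose declared length exceeds the limit, and uses hypothetical function names and a constructed BindRequest as sample input.

```python
DN_LIMIT = 65535  # threshold stated in the vulnerability note

def read_tlv(buf, pos):
    """Decode one BER header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tags are not used by LDAP")
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("indefinite, oversized or truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos + n, pos + n + length  # end may lie past a truncated capture

def oversized_strings(buf, pos=0, end=None, depth=0):
    """Return declared lengths of primitive elements larger than DN_LIMIT."""
    end = len(buf) if end is None else min(end, len(buf))
    hits = []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos)
        if tag & 0x20:                    # constructed: walk the children
            if depth < 16:                # bound recursion on hostile input
                hits += oversized_strings(buf, start, stop, depth + 1)
        elif stop - start > DN_LIMIT:     # judge the declared length, not bytes seen
            hits.append(stop - start)
        pos = stop
    return hits

def tlv(tag, value):
    """Encode one BER element (helper for the constructed sample below)."""
    n = len(value)
    if n < 0x80:
        hdr = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        hdr = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + hdr + value

def bind_request(dn):
    """Constructed sample: LDAPMessage{1, BindRequest{3, dn, simple ''}}."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))
```

Because the check reads the declared length, it also fires on a capture that was cut off before the full value arrived.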
This vulnerability was reported by iDefense Labs, who in turn credit an anonymous discoverer. This document was written by Will Dormann.
If you have feedback, comments, or additional information about this vulnerability, please send us email.