Home Unlabelled IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

By
Thursday, April 20, 2017
Read
Add Comment

Apr 20, 2017 4:59 pm EDT

Categorized: High Severity

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk to this attack. This attack has been referred to publicly with the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2o9jhUx
X-Force Database: http://ift.tt/2pIhDGP



from IBM Product Security Incident Response Team http://ift.tt/2o9rqs6
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us