Friday, 21 April 2017

IBM Domino 9.0.1 Feature Pack 8 Interim Fix 2 Available for Download on IBM Fix Central


IBM Domino 9.0.1 Feature Pack 8 Interim Fix 2 is available for download on IBM Fix Central.
A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk from this attack.

DESCRIPTION: IBM Domino is vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name.
For more information: Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)
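
For servers that cannot be patched immediately, a monitoring check can complement the fix. The following is an added example, not code from IBM or from the original post: it scans captured IMAP client command lines for EXAMINE commands whose mailbox name is unusually long, including names announced as RFC 3501 literals. The 255-byte threshold, the (client, line) record format and the sample lines are assumptions constructed for illustration; the bulletin does not state a length.

```python
import re

# Assumption: illustrative threshold; the bulletin does not state a length.
MAX_MAILBOX_LEN = 255

# RFC 3501 command shape: tag SP "EXAMINE" SP mailbox
_EXAMINE = re.compile(rb'\S+ +EXAMINE +(.+)', re.I | re.S)
_LITERAL = re.compile(rb'\{(\d+)\+?\}')  # {n}, or {n+} with LITERAL+


def examine_mailbox_len(line: bytes):
    """Length of the mailbox name an EXAMINE line carries or announces;
    None when the line is not an EXAMINE command."""
    m = _EXAMINE.fullmatch(line.rstrip(b'\r\n'))
    if not m:
        return None
    arg = m.group(1).strip()
    lit = _LITERAL.fullmatch(arg)
    if lit:  # literal: the name itself arrives after this line
        return int(lit.group(1))
    if len(arg) >= 2 and arg[:1] == b'"' and arg[-1:] == b'"':
        # quoted string: drop the quotes and undo \" and \\ escapes
        return len(re.sub(rb'\\(.)', rb'\1', arg[1:-1], flags=re.S))
    return len(arg)  # plain atom


def flag_oversized(records, limit=MAX_MAILBOX_LEN):
    """records: iterable of (client, raw_command_line) pairs (assumed format)."""
    hits = []
    for client, line in records:
        n = examine_mailbox_len(line)
        if n is not None and n > limit:
            hits.append((client, n))
    return hits


# Constructed sample command lines, not taken from a real server.
SAMPLE = [
    ("192.0.2.10", b'a001 EXAMINE INBOX\r\n'),
    ("192.0.2.10", b'a002 examine "Sent Items"\r\n'),
    ("192.0.2.44", b'a003 EXAMINE ' + b'x' * 1200 + b'\r\n'),
    ("192.0.2.44", b'a004 EXAMINE {4096}\r\n'),
    ("192.0.2.10", b'a005 SELECT INBOX\r\n'),
]

if __name__ == "__main__":
    for client, n in flag_oversized(SAMPLE):
        print(f"{client}: EXAMINE mailbox name of {n} bytes")
```

Because the issue requires authentication, correlating any hit with the logged-in account on the same session helps triage.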


