CVE-2017-1274 IBM Domino IMAP EXAMINE Buffer Overflow Vulnerability – (swg22002280) Shadow Broker – (EMPHASISMINE)

Vulnerability category: Local

Vulnerability severity:

Vulnerability Information

IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.

IBM Domino contains a stack buffer overflow in its handling of the IMAP EXAMINE command, which can allow authenticated attackers to execute arbitrary code by specifying a large mailbox name.

Affected Versions
IBM Domino 9.0.0 prior to 9.0.1 Fix Pack 8 Interim Fix 2
IBM Domino 8.5.3 prior to 8.5.3 Fix Pack 6 Interim Fix 17
IBM Domino 6.6.4 to 8.5.2 (Fixed version 8.5.3 Fix Pack 6 Interim Fix 17)
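
A defensive check for the condition described above, as an added example that is not part of the original advisory or IBM's code: it measures the mailbox argument of IMAP EXAMINE commands (atom, quoted string, or declared literal size, per RFC 3501) in client command lines and flags oversized ones. The 255-byte limit, the function names and the sample lines are assumptions constructed for illustration; the advisory does not state the length that triggers the overflow.

```python
import re

# Assumption: the advisory gives no trigger length; 255 is an illustrative policy limit.
MAX_MAILBOX_LEN = 255

# RFC 3501: tag SP "EXAMINE" SP mailbox, where mailbox is an atom, quoted string or literal.
_EXAMINE = re.compile(rb"^(\S+) +EXAMINE +(.*)$", re.IGNORECASE)
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")


def examine_mailbox_len(line: bytes):
    """Return the mailbox-argument length of an EXAMINE command, else None."""
    m = _EXAMINE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    arg = m.group(2).strip()
    lit = _LITERAL.match(arg)
    if lit:
        return int(lit.group(1))  # declared size; the bytes arrive on following lines
    if arg.startswith(b'"'):
        n, i = 0, 1
        # Count characters up to the closing quote; a missing quote counts everything.
        while i < len(arg) and arg[i:i + 1] != b'"':
            i += 2 if arg[i:i + 1] == b"\\" else 1  # backslash escapes one char
            n += 1
        return n
    return len(arg)


def flag_oversized(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, length) for each EXAMINE whose mailbox exceeds limit."""
    hits = []
    for number, line in enumerate(lines, 1):
        length = examine_mailbox_len(line)
        if length is not None and length > limit:
            hits.append((number, length))
    return hits


# Constructed client command lines (not captured traffic).
SAMPLE = [
    b"a001 LOGIN alice secret\r\n",
    b"a002 EXAMINE INBOX\r\n",
    b'a003 EXAMINE "Sent Items"\r\n',
    b'a004 examine "' + b"x" * 1000 + b'"\r\n',
    b"a005 EXAMINE {4096}\r\n",
]

if __name__ == "__main__":
    for number, length in flag_oversized(SAMPLE):
        print(f"line {number}: EXAMINE mailbox argument of {length} bytes")
```

The literal form is flagged from its declared size alone, so the check fires before the mailbox bytes themselves are seen.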

Impact

Successful exploitation of the vulnerability allows authenticated attackers to execute arbitrary code by specifying a large mailbox name.

Solution

IBM has issued a fix (8.5.3 Fix Pack 6 Interim Fix 17 and 9.0.1 Fix Pack 8 Interim Fix 2).
Refer to IBM advisory swg22002280 to obtain more information.

Patch:
The following are links for downloading patches to fix the vulnerabilities:

swg21657963
