High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

Share this post:

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk to this attack. This attack has been referred to publicly with the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124749