High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

Share this post:

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk to this attack. This attack has been referred to publicly with the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124749

More High Severity Stories

IBM Security Bulletin: Vulnerabilities in tcpdump affect AIX

Jul 7, 2017 10:16 am EDT | High Severity

There are multiple vulnerabilities in tcpdump that impact AIX. I. CVE(s): CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486 Affected product(s) and affected version(s): AIX 5.3, 6.1, 7.1, 7.2 ...read more


IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Jun 29, 2017 11:27 am EDT | High Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): AIX 5.3, ...read more


IBM Security Bulletin: IBM® Development Package for Apache Spark update of IBM® SDK Java™ Technology Edition

Jun 1, 2017 11:32 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in April 2017. IBM Development Package for Apache Spark is providing an IBM Java SDK update that includes fixes for security ...read more