High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk from this attack. This attack has been referred to publicly with the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124749
