High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

Share this post:

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk to this attack. This attack has been referred to publicly with the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124749

More High Severity stories

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

Mar 16, 2017 3:38 pm EDT

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal ...read more