High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms use ASLR (Address Space Layout Randomization), which dramatically reduces the probability of rogue code execution. Conversely, Windows 32-bit Domino servers, while not common, are at greater risk from this attack. This attack has been referred to publicly by the code name “Emphasismine”.

CVE(s): CVE-2017-1274

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 1
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 16
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124749
