Added: 04/23/2007
CVE: CVE-2007-1675
BID: 23172
OSVDB: 34091
IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.
A buffer overflow vulnerability in the CRAM-MD5 authentication function in the Lotus Domino IMAP service allows remote attackers to execute arbitrary commands by sending a long, specially crafted username.
Upgrade to Lotus Domino 6.5.6 or 7.0.2 Fix Pack 1 or higher.
<http://www.zerodayinitiative.com/advisories/ZDI-07-011.html>
<http://www-1.ibm.com/support/docview.wss?uid=swg21257028>
Exploit works on IBM Lotus Domino IMAP Server 6.5.4 on Windows Server 2003 SP0. There may be a delay of approximately one minute before the exploit succeeds.
Windows