Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:55EC238F0CF29C5DA7183529259B6D86
HistoryMay 30, 2008 - 12:00 a.m.

IBM Lotus Sametime Community Services Multiplexer buffer overflow

2008-05-3000:00:00
SAINT Corporation
my.saintcorporation.com
15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.969

Percentile

99.7%

JSON

Added: 05/30/2008
CVE: CVE-2008-2499
BID: 29328
OSVDB: 45610

Background

IBM Lotus Sametime is enterprise instant messaging and web conferencing software.

Problem

A buffer overflow vulnerability in the Community Services Multiplexer allows remote attackers to execute arbitrary commands by requesting a long, specially crafted URL.

Resolution

Upgrade to Sametime 8.0.1 or apply one of the workarounds described in the Technote.

References

<http://www.zerodayinitiative.com/advisories/ZDI-08-028/&gt;

Limitations

Exploit works on IBM Lotus Sametime 8.0.

Platforms

Windows 2000
Windows Server 2003

Related

d2 1
saint 3
nvd 1
nessus 1
checkpoint_advisories 1
cvelist 1
kaspersky 1
packetstorm 1
zdi 1
exploitdb 2
cve 1
prion 1
metasploit 1
d2
d2
DSquare Exploit Pack: D2SEC_SAMETIME
2008-05-29 16:32:00
saint
saint
IBM Lotus Sametime Community Services Multiplexer buffer overflow
2008-05-30 00:00:00
IBM Lotus Sametime Community Services Multiplexer buffer overflow
2008-05-30 00:00:00
IBM Lotus Sametime Community Services Multiplexer buffer overflow
2008-05-30 00:00:00
nvd
nvd
CVE-2008-2499
2008-05-29 16:32:00
nessus
nessus
IBM Lotus Sametime Multiplexer Buffer Overflow
2013-09-24 00:00:00
checkpoint_advisories
checkpoint_advisories
IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow (CVE-2008-2499)
2009-11-16 00:00:00
cvelist
cvelist
CVE-2008-2499
2008-05-29 16:00:00
kaspersky
kaspersky
KLA10203 ACE vulnerability in IBM Lotus Sametime
2008-05-29 00:00:00
packetstorm
packetstorm
IBM Lotus Domino Sametime STMux.exe Stack Overflow
2009-11-26 00:00:00
zdi
zdi
IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability
2008-05-21 00:00:00
exploitdb
exploitdb
IBM Lotus Domino Sametime - &#039;STMux.exe&#039; Remote Stack Buffer Overflow (Metasploit)
2010-05-09 00:00:00
IBM Lotus Sametime 8.0 - Multiplexer Buffer Overflow
2008-05-21 00:00:00
cve
cve
CVE-2008-2499
2008-05-29 16:32:00
prion
prion
Stack overflow
2008-05-29 16:32:00
metasploit
metasploit
IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow
2008-11-14 11:04:33

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.969

Percentile

99.7%

JSON
Related for SAINT:55EC238F0CF29C5DA7183529259B6D86
d21saint3nvd1nessus1checkpoint_advisories1cvelist1kaspersky1packetstorm1zdi1exploitdb2cve1prion1metasploit1