Lotus Domino multiple security vulnerabilities
Published:		28.03.2007
Source:		BUGTRAQ
SecurityVulns ID:		7484
Type:		remote
Level:		6/10
Description:		LDAP Server heap overflow, Web access crossite scripting. Buffer overflow in IMAP CRAM-MD5 authentication.

Affected:		IBM : Lotus Domino 6.5
		IBM : Lotus Domino 7.0
		IBM : Lotus Domino Web Access 7.0
		IBM : Lotus Domino Web Access 6.5
CVE:		CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.)
		CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.)
		CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.)

Original document		ZDI, ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability (28.03.2007)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability (28.03.2007)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability (28.03.2007)

Files:		Remote DOS exploit code for IBM Lotus Domino Server 6.5 IMAP CRAM-MD5 auth
Discuss:		Read or add your comments to this news (0 comments)