The host is running IBM Lotus Domino Server and is prone to multiple vulnerabilities.

Successful exploitation may allow remote attackers to execute arbitrary code in the context of the Lotus Domino server process or bypass authentication. Impact Level: Application/System

Upgrade to version 8.5.2 FP3 or 8.5.3 or later, For updates refer to http://www-01.ibm.com/software/lotus/products/domino

Multiple flaws are due to, - Stack overflow in the SMTP service, which allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message. - Buffer overflow in nLDAP.exe, which allows remote attackers to execute arbitrary code via an LDAP Bind operation. - Stack overflow in the NRouter service, which allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages. - Multiple stack overflows in the POP3 and IMAP services, which allows remote attackers to execute arbitrary code via non-printable characters in an envelope sender address. - The Remote Console, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors.

IBM Lotus Domino versions 8.5.3 prior

• http://secunia.com/advisories/43224
• http://secunia.com/advisories/43247
• http://www-01.ibm.com/support/docview.wss?uid=swg21461514
• http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=23&Itemid=23
• http://zerodayinitiative.com/advisories/ZDI-11-045/
• http://zerodayinitiative.com/advisories/ZDI-11-046/
• http://zerodayinitiative.com/advisories/ZDI-11-047/
• http://zerodayinitiative.com/advisories/ZDI-11-049/

---

Updated on 2015-03-25