Vigil@nce: Domino, denial of service of IMAP
April 2009 by Vigil@nce
An attacker can send a malformed email in order to stop the IMAP
service.
– Severity: 2/4
– Consequences: denial of service of service
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/04/2009
IMPACTED PRODUCTS
– Lotus Domino
DESCRIPTION OF THE VULNERABILITY
The MIME format is used to encapsulate several documents
(entities) in an email. A MIME entity can also contain several
sub-entities.
When the first entity of a MIME email contains sub-entities, and
when the first sub-entity contains RFC 822 standard headers, an
error occurs in the IMAP service of IBM Lotus Domino. This error
occurs in the CIMsgMimeDirectoryStreamStore::GetHeaderStream()
method and stops the service.
An attacker can therefore send a malformed email in order to stop
the IMAP service of Domino.
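A structural check a mail gateway could run before delivery to a Domino mailbox, as an added example (not code from Vigil@nce or IBM). It assumes "RFC 822 standard headers" means message-level fields such as From or Subject sitting on the first sub-entity; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes

# Assumption: "RFC 822 standard headers" means message-level fields like these,
# as opposed to the Content-* headers a MIME sub-entity normally carries.
RFC822_FIELDS = {"from", "to", "cc", "bcc", "subject", "date", "sender",
                 "reply-to", "message-id", "received", "return-path"}


def _first_child(entity):
    """First sub-entity of a multipart entity, or None."""
    if entity.get_content_maintype() != "multipart":
        return None
    parts = entity.get_payload()
    # A multipart type with a missing/broken boundary parses to a str payload.
    return parts[0] if isinstance(parts, list) and parts else None


def rfc822_fields_on_first_subentity(raw):
    """Return sorted RFC 822 field names found on the first sub-entity of the
    message's first entity; an empty list means the shape does not match."""
    first_entity = _first_child(message_from_bytes(raw))
    sub = _first_child(first_entity) if first_entity is not None else None
    if sub is None:
        return []
    return sorted({name.lower() for name in sub.keys()} & RFC822_FIELDS)


def constructed_sample(sub_headers=""):
    """Constructed message: multipart/mixed > multipart/alternative > text/plain."""
    return (
        "From: a@example.org\r\nTo: b@example.org\r\nSubject: outer\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="outer"\r\n\r\n'
        "--outer\r\n"
        'Content-Type: multipart/alternative; boundary="inner"\r\n\r\n'
        "--inner\r\n" + sub_headers +
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--inner--\r\n--outer--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for label, raw in [("plain sub-entity", constructed_sample()),
                       ("sub-entity with RFC 822 fields",
                        constructed_sample("From: c@example.org\r\nSubject: inner\r\n"))]:
        hits = rfc822_fields_on_first_subentity(raw)
        print(label, "->", "quarantine " + str(hits) if hits else "deliver")
```

A non-empty result only means the message has the shape the advisory describes; it is a reason to hold the message for review on unpatched servers, not proof of malicious intent.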
CHARACTERISTICS
– Identifiers: 1379894, 1381562, BID-34441, CVE-2009-1286,
JCHS7NNM56, VIGILANCE-VUL-8615
– Url: http://vigilance.fr/vulnerability/Domino-denial-of-service-of-IMAP-8615