IBM Lotus Sametime Community Services Multiplexer buffer overflow

Added: 05/30/2008
CVE: CVE-2008-2499
BID: 29328
OSVDB: 45610

Background

IBM Lotus Sametime is enterprise instant messaging and web conferencing software.

Problem

A buffer overflow vulnerability in the Community Services Multiplexer allows remote attackers to execute arbitrary commands by requesting a long, specially crafted URL.

Resolution

Upgrade to Sametime 8.0.1 or apply one of the workarounds described in the Technote.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-028/

Limitations

Exploit works on IBM Lotus Sametime 8.0.

Platforms

Windows 2000
Windows Server 2003
