28.03.2007
3 new vulnerabilities in Notes/Domino
>>Author: Thomas Bahn
>>Ort: Raisdorf
URL: http://www.assono.de/blog/d6plinks/TBAN-6ZQLQNCategory: Lotus Notes, Lotus Domino, Sicherheit
There are 3 recently published vulnerabilities in Lotus Notes/Domino 6.5 and 7:
- IBM Lotus Domino IMAP Server Buffer Overflow Vulnerability
- IBM Lotus Domino Buffer Overflow Vulnerability in LDAP Server Task
- Lotus Domino Web Access Cross-Site Scripting Vulnerability
All 3 are resolved in the versions 6.5.6 and 7.0.1 Fix Pack 1.
Some details :
1. IBM Lotus Domino IMAP Server Buffer Overflow Vulnerability
ZDI (The Zero Day Initiative, associated with TippingPoint) contacted IBM® Lotus® to report a potential denial of service vulnerability with the IBM Lotus Domino IMAP server task.
Advisory ZDI-CAN-060 can be accessed at the following link: http://www.zerodayinitiative.com/advisories.html
If the IMAP server task is enabled on the Domino server, and an attacker is able to telnet to the server, it is possible for an attacker to cause a buffer overflow resulting in a denial of service attack.
2. IBM Lotus Domino Buffer Overflow Vulnerability in LDAP
iDefense contacted IBM Lotus to report a potential denial of service vulnerability with the Lotus Domino LDAP server task. This issue has been fixed in 7.0.2 Fix Pack 1 (FP1) and 6.5.6.
The iDefense advisory can be accessed from the following link: http://www.idefense.com/intelligence/vulnerabilities/
If the LDAP server task is running on the Domino server and a malformed request is submitted to the LDAP server for processing, it may cause a buffer overflow, resulting in a server crash.
3. Lotus Domino Web Access Cross-Site Scripting Vulnerability
iDefense contacted IBM Lotus to report a potential cross site scripting vulnerability in Domino Web Access.
The iDefense advisory can be accessed from the following link: http://labs.idefense.com/intelligence/vulnerabilities/
The Active Content Filter feature, which protects users from potentially malicious code execution upon reading mail in the browser, needed to be updated to account for a particular circumstance.
Suche (Search)
Tags
Archiv (Archive)
Deutsche RSS-Feeds (German)
English RSS feeds