3 neue Sicherheitslücken in Notes/Domino

von Thomas Bahn,
assono GmbH, Standort Kiel,

Es gibt drei frisch gemeldete Sicherheitslücken in Lotus Notes/Domino 6.5 und 7:

Mehr Details :

1. IBM Lotus Domino IMAP Server Buffer Overflow Vulnerability

ZDI (The Zero Day Initiative, associated with TippingPoint) contacted IBM® Lotus® to report a potential denial of service vulnerability with the IBM Lotus Domino IMAP server task.

Advisory ZDI-CAN-060 can be accessed at the following link: http://www.zerodayinitiative.com/advisories.html
 
If the IMAP server task is enabled on the Domino server, and an attacker is able to telnet to the server, it is possible for an attacker to cause a buffer overflow resulting in a denial of service attack.


2. IBM Lotus Domino Buffer Overflow Vulnerability in LDAP
iDefense contacted IBM Lotus to report a potential denial of service vulnerability with the Lotus Domino LDAP server task. This issue has been fixed in 7.0.2 Fix Pack 1 (FP1) and 6.5.6.

The iDefense advisory can be accessed from the following link: http://www.idefense.com/intelligence/vulnerabilities/
 
If the LDAP server task is running on the Domino server and a malformed request is submitted to the LDAP server for processing, it may cause a buffer overflow, resulting in a server crash.


3. Lotus Domino Web Access Cross-Site Scripting Vulnerability
iDefense contacted IBM Lotus to report a potential cross site scripting vulnerability in Domino Web Access.

The iDefense advisory can be accessed from the following link: http://labs.idefense.com/intelligence/vulnerabilities/
 
The Active Content Filter feature, which protects users from potentially malicious code execution upon reading mail in the browser, needed to be updated to account for a particular circumstance.

Fachbeitrag IBM Notes IBM Domino IBM Notes Traveler Sicherheit

Sie haben Fragen zu diesem Artikel? Kontaktieren Sie uns gerne: blog@assono.de

Sie wollen eine individuelle Lösung? Kontaktieren Sie uns

Weitere interessante Artikel

Sie haben Fragen? Wir sind für Sie da.

Wir verwenden Ihre Daten, um Sie einmalig per E-Mail zu kontaktieren. Wir geben Ihre Daten nicht an Dritte weiter. Siehe: Datenschutzhinweise
assono GmbH

Standort Kiel (Zentrale)
assono GmbH
Lise-Meitner-Straße 1–7
24223 Schwentinental

Standort Hamburg
assono GmbH
Bornkampsweg 58
22761 Hamburg

Telefonnummern:
Zentrale: +49 4307 900 407
Techn. Hotline: +49 4307 900 403
Vertrieb: +49 4307 900 402

E-Mail-Adressen:
kontakt@assono.de
bewerbung@assono.de