---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Lotus Notes/Domino Multiple Vulnerabilities SECUNIA ADVISORY ID: SA14879 VERIFY ADVISORY: http://secunia.com/advisories/14879/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, DoS WHERE: >From remote SOFTWARE: IBM Lotus Notes 6.x http://secunia.com/product/388/ IBM Lotus Domino 6.x http://secunia.com/product/720/ DESCRIPTION: Some vulnerabilities have been reported in Lotus Notes/Domino, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A boundary error within the Domino Server when processing certain time/date fields, which can be updated from the web, can be exploited to cause a buffer overflow by passing a large amount of data. According to the vendor, successful exploitation crashes the Domino server. Code execution has reportedly not been proven. 2) A format string error in the Domino server when handling authentication using the NRPC Notes protocol can be exploited via a specially crafted string containing format specifiers. According to the vendor, successful exploitation crashes the Domino server. Code execution has reportedly not been proven. 3) An unspecified boundary error in NOTES.INI on a Lotus Notes client can be exploited to cause a buffer overflow. According to the vendor, successful exploitation causes the client to crash, but requires local access to the NOTES.INI file. Code execution has reportedly not been proven. 4) An error in the @SetHTTPHeader function can be exploited to inject arbitrary content into the header and potentially conduct HTTP response splitting attacks or proxy cache poisoning. According to the vendor, the vulnerable function is only available to application developers, and successful exploitation requires the ability to install a malicious application on the Lotus Domino server. SOLUTION: Update to Lotus Notes and Domino release 6.5.4 or 6.0.5. PROVIDED AND/OR DISCOVERED BY: 1) Mark Litchfield, NGS Software. 2-3) Ollie Whitehouse, Symantec. 4) Juan C Calderon ORIGINAL ADVISORY: IBM: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------