
Various Domino vulnerabilities publicized

Jack Vaughan

On the heels of earlier iDefense Labs Inc. reports of Domino DoS vulnerabilities, security software service provider and Web information clearing house Secunia.com has posted news of a number of security-related flaws in Domino. The flaws largely concern pre-Domino 6.5.4 version software, and fixes are available, according to Domino-maker IBM.

According to Secunia and IBM, which issued report updates on all the relevant vulnerabilities, the problems include use of the @SetHTTPHeader function to inject content into headers.

Other problems noted were:

  • A buffer overflow condition that can occur when submitting a large amount of data to certain time/date fields that can be updated from the Web;
  • A boundary error in NOTES.INI on a Lotus Notes client that can be exploited to cause a buffer overflow; and
  • A format string error in the Domino server that can occur when handling authentication using the NRPC Notes protocol if it is fed certain strings and format specifiers.

The earlier vulnerability reported by iDefense Labs Inc., a seven-year-old provider of security intelligence services, centered on a denial of service (DoS) vulnerability in a Lotus Domino Server 6.5.1 Web service that allows attackers to crash the service. The problem was said to exist within the module NLSCCSTR.DLL.

