Various Domino vulnerabilities publicized

The flaws largely concern software versions earlier than Domino 6.5.4, and fixes are available, according to IBM.

On the heels of earlier iDefense Labs Inc. reports of Domino DoS vulnerabilities, security software service provider and Web information clearinghouse Secunia.com has posted news of a number of security-related flaws in Domino. The flaws largely concern software versions earlier than Domino 6.5.4, and fixes are available, according to Domino-maker IBM.

According to Secunia and IBM, which issued report updates on all the relevant vulnerabilities, the problems include use of the @SetHTTPHeader function to inject content into headers.

Other problems noted were:

  • A buffer overflow condition that can occur when submitting a large amount of data to certain time/date fields that can be updated from the Web;
  • A boundary error in NOTES.INI on a Lotus Notes client that can be exploited to cause a buffer overflow; and
  • A format string error in the Domino server that can occur when handling authentication using the NRPC Notes protocol if it is fed certain strings and format specifiers.

The earlier vulnerability reported by iDefense Labs Inc., a seven-year-old provider of security intelligence services, centered on a denial of service (DoS) vulnerability in a Lotus Domino Server 6.5.1 Web service that allows attackers to crash the service. The problem was said to exist within the module NLSCCSTR.DLL.
