Moderately critical

IBM Lotus Domino/Notes Multiple Vulnerabilities

Release Date:  2006-01-06    Last Update:  2006-09-07    Views:  21,351

Secunia Advisory SA18328

Where:  From remote

Impact:  Unknown, DoS

Solution Status:  Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities have been reported in Lotus Domino / Notes, which can potentially be exploited by malicious users to cause a DoS (Denial of Service), or which have an unknown impact.

1) Some unspecified potential security issues have been reported in Domino and affect the Agents, Router, Web Server, and Security components.

2) An unspecified boundary error in the server when performing CD to MIME conversion may cause a buffer overflow. This may be exploited to cause the Router service to crash or become unresponsive.

3) A stack overflow error in Domino for AIX when evaluating a long formula in "Design" can potentially be exploited to crash Domino via an overly long recursive formula.

4) Some unspecified errors in the Directory Services can potentially be exploited to cause a DoS, e.g. via a crash when performing LDAP searches.

5) An unspecified error in the IMAP Server may cause the service to become unresponsive and unable to initiate new IMAP sessions.

6) An unspecified error may cause the server to crash when compact is executed from the client.

7) Several unspecified errors may cause the Web Server to crash when handling corrupted bitmap images or when performing the "Delete Attachment" action.

8) Some unspecified potential DoS issues have been reported in Domino and affect the Directory Services, Java, MIME to CD conversion, and Server components.

9) Some unspecified vulnerabilities have been reported in Notes.

10) Lotus Notes uses a vulnerable version of the dunzip32.dll library.

For more information:
SA12869

Note: Several other issues, which may be security related, have also been fixed.


Solution:
Apply updates.

Provided and/or discovered by:
1-9) Reported by vendor.
10) Originally discovered by eEye Digital Security and NGSSoftware (reported in Lotus Notes by Juha-Matti Laurio).

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg27007054
http://www-1.ibm.com/support/docview.wss?uid=swg21229932
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/d1150fc9c5dec8b18525709200001da6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/50c634bfe193efa5852570e4001baace?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/071ee9775bb54a3c852570e4001bac62?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144