
Secunia Advisory SA18328

IBM Lotus Domino/Notes Multiple Vulnerabilities

Release Date 2006-01-06
Last Update 2006-09-07
   

Criticality level Moderately critical
Impact Unknown, DoS
Where From remote
Solution Status Vendor Patch
   
Software:
IBM Lotus Domino 6.x
IBM Lotus Domino Web Access (iNotes) 6.x
IBM Lotus Notes 6.x
IBM Lotus Notes Client 6.x

CVE Reference(s) CVE-2006-0117, CVE-2006-0120, CVE-2006-0118, CVE-2006-0121
  

Description

Some vulnerabilities have been reported in Lotus Domino / Notes, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or have an unknown impact.

1) Some unspecified potential security issues have been reported in Domino, affecting the Agents, Router, Web Server, and Security components.

2) An unspecified boundary error in the server when performing CD to MIME conversion may cause a buffer overflow. This may be exploited to cause the Router service to crash or become unresponsive.

3) A stack overflow error in Domino for AIX when evaluating a long formula in "Design" can potentially be exploited to crash Domino via an overly long recursive formula.

4) Some unspecified errors in the Directory Services can potentially be exploited to cause a DoS, e.g. via a crash when performing LDAP searches.

5) An unspecified error in the IMAP Server may cause the service to become unresponsive and unable to initiate new IMAP sessions.

6) An unspecified error may cause the server to crash when compact is executed from the client.

7) Several unspecified errors may cause the Web Server to crash when handling corrupted bitmap images or when performing the "Delete Attachment" action.

8) Some unspecified potential DoS issues have been reported in Domino, affecting the Directory Services, Java, MIME to CD conversion, and Server components.

9) Some unspecified vulnerabilities have been reported in Notes.

10) Lotus Notes uses a vulnerable version of the dunzip32.dll library.

For more information:
SA12869

Note: Several other issues, which may be security related, have also been fixed.


Solution
Apply updates.

Provided and/or discovered by
1-9) Reported by vendor.
10) Originally discovered by eEye Digital Security and NGSSoftware (reported in Lotus Notes by Juha-Matti Laurio).


Original Advisory
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg27007054
http://www-1.ibm.com/support/docview.wss?uid=swg21229932
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/d1150fc9c5dec8b18525709200001da6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/50c634bfe193efa5852570e4001baace?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/071ee9775bb54a3c852570e4001bac62?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument


