|
Lotus Notes Deleted Mail Recipient Security Issue
|
|
|
|
|
Secunia Advisory:
|
SA21096
|
|
|
Release Date:
|
2006-07-17
|
|
Last Update:
|
2006-07-28
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | IBM Lotus Notes 6.x
IBM Lotus Notes 7.x
|
| | CVE reference: | CVE-2006-3778 (Secunia mirror)
|
|
|
|
|
|
Description:
A security issue has been reported in Lotus Notes, which may expose potentially sensitive information to certain people.
The problem is caused due to an error in the Lotus Notes mail template. Under very specific circumstances, recipients deleted from the "To", "Cc", and "Bcc" fields may still be shown as recipients of a e-mail messages from/to alternate name users. This may result in these people receiving replies, though they never received the original e-mail, if a recipient of the e-mail message replies to all.
This only occurs when the "Default display name" preference is set to "Display alternate names".
Solution:
The vendor has published guidelines for repairing the template (see the vendor's advisory).
Provided and/or discovered by:
Reported by the vendor.
Changelog:
2006-07-28: Added CVE reference.
Original Advisory:
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
16 Related Secunia Security Advisories, displaying 10
|
|
|
1. IBM Lotus Notes Java Plug-in Sandbox Security Bypass
|
|
2. IBM Lotus Notes Java Applet Signature Execution Control List Security Bypass
|
|
3. Lotus Notes Multiple Keyview Parsing Vulnerabilities
|
|
4. IBM Lotus Notes 5 / 6 Lotus 1-2-3 File Viewer Buffer Overflows
|
|
5. IBM Lotus Notes Lotus 1-2-3 File Viewer Buffer Overflows
|
|
6. IBM Lotus Notes Multiple Vulnerabilities
|
|
7. IBM Lotus Notes Insecure Default Directory Permissions
|
|
8. IBM Lotus Domino/Notes Multiple Vulnerabilities
|
|
9. IBM Lotus Notes Multiple Vulnerabilities
|
|
10. Lotus Notes/Domino Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
