|
 |
|
IBM Lotus Notes Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA27279
|
|
|
Release Date:
|
2007-10-23
|
|
Last Update:
|
2008-03-11
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM Lotus Notes 6.x
IBM Lotus Notes 7.x
|
| | CVE reference: | CVE-2007-4222 (Secunia mirror)
CVE-2007-5544 (Secunia mirror)
CVE-2007-6706 (Secunia mirror)
CVE-2008-1217 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information and by malicious people to bypass certain security mechanisms or compromise a user's system.
1) Errors within various third-party file viewers (mifsr.dll, awsr.dll, kpagrdr.dll, exesr.dll, rtfsr.dll, mwsr.dll, exesr.dll, wp6sr.dll, and lasr.dll) can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted attachment.
Successful exploitation may allow execution of arbitrary code.
2) A boundary error when parsing HTML messages in nnotes.dll can be exploited to cause a buffer overflow when a user acts upon a malicious HTML message (e.g. replying, forwarding, or copying it to the clipboard).
Successful exploitation may allow execution of arbitrary code.
3) An error in the ECL (Execution Control List) mechanism may result in attachments being executed automatically instead of displaying the Execution Security Alert when handling Notes database (.nsf) and Notes template (.ntf) attachments.
4) Insecure permissions on shared memory allows any local user to access memory containing other users' data.
5) An error in the Lotus Notes client when processing specially-crafted SMTP responses can be exploited to crash the client or execute arbitrary code.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 7.0.3 or 8.0.
NOTE: Version 8.0 does not fix the vulnerability in wp6sr.dll.
Provided and/or discovered by:
The vendor credits:
1) ZDI and Tan Chew-Keong
2) UVInc, reported via iDefense Labs
3) Ed Schaller
4) Ollie Whitehouse, Symantec
5) Dan Ritter & the VCC
Changelog:
2007-10-24: Added CVE reference and link to Symantec Research.
2007-10-25: Added CVE reference and link to iDefense Labs.
2007-11-01: Added link to ZDI.
2007-11-12: Added vulnerability #5 based on additional information from IBM.
2008-03-11: Added CVE reference.
Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836
http://www-1.ibm.com/support/docview.wss?uid=swg21272930
http://www-1.ibm.com/support/docview.wss?uid=swg21270884
http://www-1.ibm.com/support/docview.wss?uid=swg21257030
http://www-1.ibm.com/support/docview.wss?uid=swg21271957
Vuln.sg:
http://vuln.sg/lotusnotes702doc-en.html
http://vuln.sg/lotusnotes702sam-en.html
http://vuln.sg/lotusnotes702wpd-en.html
http://vuln.sg/lotusnotes702mif-en.html
Symantec:
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
16 Related Secunia Security Advisories, displaying 10
|
|
|
1. IBM Lotus Notes Java Plug-in Sandbox Security Bypass
|
|
2. IBM Lotus Notes Java Applet Signature Execution Control List Security Bypass
|
|
3. Lotus Notes Multiple Keyview Parsing Vulnerabilities
|
|
4. IBM Lotus Notes 5 / 6 Lotus 1-2-3 File Viewer Buffer Overflows
|
|
5. IBM Lotus Notes Lotus 1-2-3 File Viewer Buffer Overflows
|
|
6. Lotus Notes Deleted Mail Recipient Security Issue
|
|
7. IBM Lotus Notes Insecure Default Directory Permissions
|
|
8. IBM Lotus Domino/Notes Multiple Vulnerabilities
|
|
9. IBM Lotus Notes Multiple Vulnerabilities
|
|
10. Lotus Notes/Domino Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
