Buffer Overruns in Certain Date Fields Cause Domino Server Crash

Technote (FAQ)


Question

Mark Litchfield of NGS Software reported a buffer overflow condition that can occur when submitting a large amount of data to certain time/date fields that can be updated from the Web.

This vulnerability could be exploited by a malicious user with access to the Web server to cause the Lotus Domino server to crash, resulting in a Denial of Service attack.

Answer

This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.

Excerpt from the Lotus Notes and Domino Release 6.0.5 / 6.5.4 MR fix list (available at http://www.ibm.com/developerworks/lotus):

  • SPR# KSPR68QNST - Fixed a potential Denial of Service attack.

NGS Software advisories can be found at the following address:



Document information

More support for: Lotus End of Support Products, Lotus Domino Server

Software version: 6.0, 6.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS

Reference #: 1202431

Modified date: 2010-02-03
