Mark Litchfield of NGS Software reported a buffer overflow condition that can occur when submitting a large amount of data to certain time/date fields that can be updated from the Web.
This vulnerability could be exploited by a malicious user with access to the Web server to cause the Lotus Domino server to crash, resulting in a Denial of Server attack.
This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.0.5 / 6.5.4 MR fix list (available at http://www.ibm.com/developerworks/lotus):
- SPR# KSPR68QNST - Fixed a potential Denial of Service attack.
NGS Software advisories can be found at the following address: