IBM Support

Potential Denial of Service Vulnerability During Notes Authentication

Technote (FAQ)


Ollie Whitehouse of Symantec reported a format string vulnerability during authentication to the Lotus Domino 6.x servers using the Notes protocol (NRPC). This vulnerability, if exploited by an attacker, could cause the server to crash, resulting in a Denial of Service.


This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at

    SPR# KSPR66BKN7 - Fixed a potential Denial of Service attack.

Document information

More support for: Lotus End of Support Products
Lotus Domino Server

Software version: 6.0, 6.5

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Reference #: 1202525

Modified date: 14 July 2005

Translate this page: