Lotus Domino Web Server iNotes Overflow; reported by NGSS

 Technote (FAQ)
 
Problem
Lotus Domino Web Access (iNotes Web Access) is subject to a buffer overflow vulnerability when a maliciously crafted URL contains an overly long value for certain parameters. This vulnerability can be exploited by a malicious user to bring down the Web server.
 
Solution
This issue was reported to Lotus Software Quality Engineering and has been addressed in Domino 5.0.12 and 6.0.1.

Customers running Domino 5.0x Servers should upgrade to 5.0.12 (or later) to resolve the problem.
Customers running Domino 6.0 Servers should upgrade to 6.0.1 (or later) to resolve the problem.
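
The upgrade guidance above, applied to a server inventory. This is an added example, not part of the technote or of any Lotus tooling; the function names, hostnames and release strings are hypothetical, constructed sample data. Releases outside the 5.0x and 6.0 families are reported as not covered rather than assumed safe, because the technote gives fix levels only for those two families.

```python
import re

# Fix levels stated in the technote, keyed by (major, minor) release family.
FIXED_PATCH = {(5, 0): 12, (6, 0): 1}

# Matches "5.0.11", "Release 5.0.9a", "6.0", "6.0.1 CF1", ...
_RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def triage(release: str) -> str:
    """Classify one Domino release string against the technote's fix levels."""
    m = _RELEASE.search(release)
    if not m:
        return "unparsed"          # needs manual review
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)   # "6.0" is treated as 6.0.0
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not-covered"       # technote names only 5.0x and 6.0
    # Compare numerically: as strings, "9" would sort after "12".
    return "fixed" if patch >= fixed else "upgrade"


def servers_to_upgrade(inventory: dict) -> list:
    """Return the hosts whose release is below the fix level for its family."""
    return sorted(h for h, rel in inventory.items() if triage(rel) == "upgrade")


# Constructed sample inventory (hostnames and releases are illustrative only).
SAMPLE_INVENTORY = {
    "mail01.example.test": "Release 5.0.9a",
    "mail02.example.test": "5.0.12",
    "mail03.example.test": "6.0",
    "mail04.example.test": "6.0.1 CF1",
    "mail05.example.test": "6.5.1",
    "mail06.example.test": "unknown",
}

if __name__ == "__main__":
    for host, rel in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:24} {rel:16} {triage(rel)}")
```
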

Excerpt from the Lotus Notes and Domino Release 5.0.12 and 6.0.1 MR fix lists (available at http://www.lotus.com/ldd):

Security
  • SPR# KSPR5HUQ59 - Fixed an iNotes buffer overrun.

Related URLs:

NGSS Advisory # NISR17022003e: http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
CERT VU#206361: http://www.kb.cert.org/vuls
 
 
 

Document information
 Product categories:
 Software
 Messaging Applications
 E-Mail
 Lotus End of Support Products
 Lotus Domino Web Access
 Operating system(s):
  AIX, HP-UX, OS/390, OS/400, Solaris, Windows
 Software version:
  5.0
 Reference #:
  1104527
 IBM Group:
 Software Group
 Modified date:
 2004-09-17
