Lotus iNotes Client ActiveX Control Buffer Overrun; Reported by NGSS
Technote (FAQ)
Question
The Lotus Domino Server is vulnerable to an intermittent problem that occurs when a script or control invokes a specific backend COM class method with an intentionally very long parameter string. The problem reported to Lotus involved the use of an iNotes ActiveX control on Domino 6.0. A malicious user can exploit this vulnerability to bring down the Web server.
Answer
This issue was reported to Lotus Software Quality Engineering and has been addressed in Notes/Domino 6.0.1 CF1.
Excerpt from the Lotus Notes and Domino Release 6.0.1 CF1 fix list (available at http://www.lotus.com/ldd):
Server
SPR# KSPR5J2QET - Fixed a potential Denial of Service attack. Technote # 1104543.
For more information on the Notes/Domino 6.0.1 Critical Fix 1, refer to the following site: