Skip to main content

Software  >  Lotus  >  

Potential denial of service in Lotus Notes due to malformed SMTP message
 Technote (FAQ)
 
 
Question
Dan Ritter & the VCC contacted IBM® Lotus® to report a potential security vulnerability that could result in both a denial of service, as well as, remote execution of code. In specific situations, the exploit would cause the Lotus Notes® client to crash.
 
Cause
This issue, which is caused by a specially crafted SMTP message, could result in one of the following known stack traces in the NSD, depending on the Notes client version deployed.

Fatal Thread #1: nlnotes
nnotesws.CEdDocMark::DeleteMark+5

Fatal Thread #2: nlnotes
nnotesws.CEdDocMark::DeleteMark+20

Fatal Thread #3: nlnotes
nnotesws.CEdHotSpotRun::Load+3
 
Answer
There are two variations that could expose this type of security vulnerability. These issues were reported to Quality Engineering as SPR# SNES6NMVG7 and ABUI76AJAM . Refer to the table below for details.

The issues are similar in that they expose a security vulnerability that is exploited by a specific SMTP message.

SPR #Exploit SpecificsFixed Versions
SNES6NMVG7Specific text must be included in the SMTP messageFixed in Lotus Notes versions 7.0.2 CCH, 7.0.3, and 8.0
ABUI76AJAMA specific attachment must be included in the SMTP messageFixed in Lotus Notes versions 7.0.2 CCH, 7.0.3 CCH, and 8.0.1

Refer to the Upgrade Central site for details on upgrading Notes/Domino.

Note: These issues impact the Lotus Notes client only; it does not impact the Domino server.


Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: < 9.3 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 8.6 >
CVSS Temporal Score: < 7.3 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 7.3 >
Base Score Metrics:
  • Related exploit range/Attack Vector: < Network >
  • Access Complexity: < Medium >
  • Authentication < None >
  • Confidentiality Impact: < Complete >
  • Integrity Impact: < Complete >
  • Availability Impact: < Complete >
Temporal Score Metrics:
  • Exploitability: < Proof of Concept Code >
  • Remediation Level: < Official Fix >
  • Report Confidence: < Confirmed >
References:

*The CVSS Environment Score is customer-environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.



Change History
23 October 2007Initial publication.
20 February 2008Added SPR #ABUI76AJAM
 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Messaging Applications
 Advanced Messaging
 Lotus Notes
 Performance
 Operating system(s):
  Windows
 Software version:
  6.5, 7.0, 8.0
 Reference #:
  1271957
 IBM Group:
 Software Group
 Modified date:
 2008-09-11

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.