Is Lotus Domino vulnerable to the security advisory posted by the UK National Infrastructure Security Co-ordination Centre (NISCC) titled "Vulnerability Issues in Implementations of the TLS and SSL Protocols"? The NISCC Web site address is as follows:
The issue is also reported in CERT® Advisory CA-2003-26 "Multiple Vulnerabilities in SSL/TLS Implementations."
IBM Lotus acquired and ran the test suite from NISCC and uncovered a potential denial-of-service vulnerability when parsing malformed ASN.1 requests. This issue has been resolved in 6.5.1 and in the forthcoming release of 6.0.4.
Excerpt from the Lotus Notes and Domino Release 6.5.1 MR fix list (available at http://www.ibm.com/developerworks/lotus):
- SPR# MCHE5SLSGY - Fixed a potential denial of service.