Mark Litchfield of NGS Software reported a buffer overflow condition that can occur when submitting a large amount of data to certain time/date fields that can be updated from the Web.
This vulnerability could be exploited by a malicious user with access to the Web server to cause the Lotus Domino server to crash, resulting in a Denial of Server attack.
This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.0.5 / 6.5.4 MR fix list (available at http://www.ibm.com/developerworks/lotus):
- SPR# KSPR68QNST - Fixed a potential Denial of Service attack.
NGS Software advisories can be found at the following address:
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.