Ollie Whitehouse of Symantec reported a format string vulnerability during authentication to the Lotus Domino 6.x servers using the Notes protocol (NRPC). This vulnerability, if exploited by an attacker, could cause the server to crash, resulting in a Denial of Service.
This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at http://www.ibm.com/developerworks/lotus):
SPR# KSPR66BKN7 - Fixed a potential Denial of Service attack.