Potential Denial of Service Vulnerability During Notes Authentication

Technote (FAQ)


Question

Ollie Whitehouse of Symantec reported a format string vulnerability during authentication to the Lotus Domino 6.x servers using the Notes protocol (NRPC). This vulnerability, if exploited by an attacker, could cause the server to crash, resulting in a Denial of Service.

Answer

This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.

Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at http://www.ibm.com/developerworks/lotus):

    Security
    SPR# KSPR66BKN7 - Fixed a potential Denial of Service attack.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Lotus End of Support Products
Lotus Domino Server

Software version:

6.0, 6.5

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS

Reference #:

1202525

Modified date:

2010-02-03

Translate my page

Machine Translation

Content navigation