Potential Denial of Service Vulnerability During Notes Authentication
Ollie Whitehouse of Symantec reported a format string vulnerability that can be triggered during authentication to Lotus Domino 6.x servers over the Notes protocol (NRPC). This vulnerability, if exploited by an attacker, could cause the server to crash, resulting in a Denial of Service.
This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at http://www.ibm.com/developerworks/lotus):
SPR# KSPR66BKN7 - Fixed a potential Denial of Service attack.
Software version: 6.0, 6.5
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Reference #: 1202525
Modified date: 2005-07-14