Potential Denial of Service Vulnerability in Notes Client

Technote (FAQ)


Question

Ollie Whitehouse of Symantec reported a buffer overflow condition in the NOTES.INI on the Lotus Notes client, which if exploited could cause the client to crash. This vulnerability cannot be remotely exploited by an attacker; local access to the NOTES.INI file is required.

This problem has not been demonstrated to result in execution of malicious code.


Answer

This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.


Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at http://www.ibm.com/developerworks/lotus):

Security

  • SPR# KSPR68USBE - Fixed a potential Denial of Service attack.


Rate this page:

(0 users)Average rating

Document information


More support for:

Lotus End of Support Products
Lotus Notes

Software version:

6.0, 6.5

Operating system(s):

Mac OS, Windows

Reference #:

1202526

Modified date:

2010-02-03

Translate my page

Machine Translation

Content navigation