Potential vulnerability in Notes/Domino memory mapped files

Technote (FAQ)


Question

Ollie Whitehouse from Symantec contacted IBM Lotus to report a vulnerability in how memory mapped files are used with Lotus Notes and Domino on the Microsoft Windows platform in shared user environments, for example, using Citrix.

The advisory can be accessed at the following link:
http://www.symantec.com/research



Cause

By default, "Everyone" on the Windows system has access to shared memory created by Notes and Domino processes. This may pose a security risk in shared Notes user environments, such as when running multiple Notes clients on a Citrix server. The Domino server also uses shared memory, but as Domino servers are generally well protected, this may pose less of a risk.


To successfully exploit this vulnerability, an attacker must have local access to the system and must execute a malicious program.


Answer

This issue was reported to Quality Engineering as SPR# KEMG6B7MMJ, and has been fixed in the following releases:


    - Lotus Notes releases 6.5.6, 7.0.3 and 8.0.
    - Lotus Domino releases 6.5.5 Fix Pack 3 (FP3), 7.0.2 Fix Pack 1 (FP1), 6.5.6, 7.0.3 and 8.0.

To implement the fix, the following notes.ini parameter must be enabled:

    SharedMemoryAllowOnly=1

This restricts access to newly created shared memory to the Windows user account that launches Notes/Domino and creates the Notes/Domino shared memory.
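An added example, not part of the IBM technote: a Python check that a notes.ini enables the parameter, for auditing a shared host where several notes.ini files may exist. It assumes the parameter name is matched case-insensitively; the function names and the sample file contents are constructed for illustration.

```python
from pathlib import Path
import sys

PARAM = "sharedmemoryallowonly"  # assumption: key is matched case-insensitively

def audit_notes_ini(text):
    """Classify one notes.ini body as ok / missing / disabled / conflict."""
    found = []  # (line number, value) for every assignment of the parameter
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.partition("=")
        if sep and key.strip().lower() == PARAM:
            found.append((lineno, value.strip()))
    if not found:
        return "missing", "SharedMemoryAllowOnly is not set"
    where = ", ".join(f"line {n}: {v!r}" for n, v in found)
    values = {v for _, v in found}
    if len(values) > 1:
        return "conflict", f"contradictory assignments ({where})"
    if values == {"1"}:
        return "ok", where
    return "disabled", where

def audit_files(paths):
    """Map each notes.ini path to its (status, detail) result."""
    results = {}
    for p in paths:
        try:
            text = Path(p).read_text(encoding="latin-1")
        except OSError as exc:
            results[str(p)] = ("unreadable", str(exc))
        else:
            results[str(p)] = audit_notes_ini(text)
    return results

# Constructed sample files, not taken from a real installation.
SAMPLES = {
    "hardened": "[Notes]\nDirectory=C:\\Notes\\Data\nSharedMemoryAllowOnly=1\n",
    "default": "[Notes]\nDirectory=C:\\Notes\\Data\n",
    "commented": "[Notes]\n;SharedMemoryAllowOnly=1\n",  # prefixed key: not set
    "off": "[Notes]\nsharedmemoryallowonly = 0\n",
    "conflict": "[Notes]\nSharedMemoryAllowOnly=1\nSharedMemoryAllowOnly=0\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = audit_files(sys.argv[1:])
    else:
        report = {name: audit_notes_ini(body) for name, body in SAMPLES.items()}
    for name, (status, detail) in report.items():
        print(f"{status:10} {name}: {detail}")
```

Pass one or more notes.ini paths as arguments to audit real files; with no arguments it reports on the constructed samples. The check covers only the setting, not whether the installed release is one of the fixed releases listed above.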

Refer to the Upgrade Central site for details on upgrading Notes/Domino.


Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: < 6.2 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 1.9 >
CVSS Temporal Score: < 4.9 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 4.9 >
    Base Score Metrics:
    • Related exploit range/Attack Vector: < Local >
    • Access Complexity: < High >
    • Authentication: < None >
    • Confidentiality Impact: < Complete >
    • Integrity Impact: < Complete >
    • Availability Impact: < Complete >
    Temporal Score Metrics:
    • Exploitability: < Proof of Concept >
    • Remediation Level: < Official Fix >
    • Report Confidence: < Confirmed >

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.



Document information

More support for: Lotus End of Support Products, Lotus Notes

Software version: 6.5, 7.0

Operating system(s): Windows

Reference #: 1257030

Modified date: 2011-05-22
