Dan Ritter & the VCC contacted IBM Lotus to report a potential security vulnerability that could result in both a denial of service, as well as, remote execution of code. In specific situations, the exploit would cause the Lotus Notes client to crash.
This issue, which is caused by a specially crafted SMTP message, could result in one of the following known stack traces in the NSD, depending on the Notes client version deployed.
Fatal Thread #1: nlnotes
Fatal Thread #2: nlnotes
Fatal Thread #3: nlnotes
There are two variations that could expose this type of security vulnerability. These issues were reported to Quality Engineering as SPR# SNES6NMVG7 and ABUI76AJAM . Refer to the table below for details.
The issues are similar in that they expose a security vulnerability that is exploited by a specific SMTP message.
|SPR #||Exploit Specifics||Fixed Versions|
|SNES6NMVG7||Specific text must be included in the SMTP message||Fixed in Lotus Notes versions 7.0.2 CCH, 7.0.3, and 8.0|
|ABUI76AJAM||A specific attachment must be included in the SMTP message||Fixed in Lotus Notes versions 7.0.2 CCH, 7.0.3 CCH, and 8.0.1|
Refer to the Upgrade Central site for details on upgrading Notes/Domino.
Note: These issues impact the Lotus Notes client only; it does not impact the Domino server.
|Security Rating using Common Vulnerability Scoring System (CVSS) v2|
|CVSS Base Score: < 9.3 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 8.6 >
CVSS Temporal Score: < 7.3 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 7.3 >
|Base Score Metrics:
|Temporal Score Metrics:
|*The CVSS Environment Score is customer-environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.|
|23 October 2007||Initial publication.|
|20 February 2008||Added SPR #ABUI76AJAM|