Location : Cleveland, OH
Right now, there seems to be an issue getting to the IBM Support sites. I wanted some sort of confirmation/TechNote but will have to wait.
From the December 24 Cyber Security Bulletin, and ranked as a High severity:
You can read the original text at the link. I'm sorry that I can't provide any further information until the IBM Support Sites come back up.
Link: US-CERT: Cyber Security Bulletin SB07-365
Link: IBM/Lotus Security Site (thanks, Andy)
UPDATE (01/04/2007): Lotus has released a TechNote Bulletin on this topic that says, in part:
In order for an attacker to successfully exploit this vulnerability in previous releases, the following must be accomplished:
(1) The Lotus Domino Web Access feature needs to be enabled to allow users to access their mail via a web browser.
(2) Attacker must compose and send either a specifically crafted message or attachment to a user.
(3) The user must be persuaded to view the message or attachment via a Browser accessing a Lotus® Domino® server with the Web Access capability enabled.
Read the whole TechNote (once again, thanks, Andy):
Link: CERT VU#963889 - ActiveX Control Buffer Overflow in Lotus Domino Web Access (iNotes)
Comment posted by Andy Donaldson 01/03/2008 06:57:49 PM
Homepage: http://blog.macian.net
Hey Gregg,
I looked on Lotus' Security site (http://www.ibm.com/developerworks/lotus/security/) and they don't have anything listed yet.
Comment posted by Gregg Eldred 01/03/2008 09:56:59 PM
Homepage: http://www.ns-tech.com/blog/geldred.nsf
@Andy: Thanks for the link. I've moved it to the body of the post.
Comment posted by Andy Donaldson 01/04/2008 01:06:03 PM
Homepage: http://blog.macian.net
Gregg,
An update has appeared on the Lotus security site:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21279071
Domino 7.0.3 at least fixes one of the issues.