Location : Cleveland, OH
TippingPoint Zero Day Initiative (ZDI) contacted IBM Lotus to report eight potential buffer overflow vulnerabilities in Lotus Notes and Domino. IBM Lotus has fixes for four of them, continues to investigate a fix for one, and cannot reproduce the remaining three, for which it is pursuing additional information.
. . . Most of these are denial-of-service attacks by buffer overflow. To exploit these vulnerabilities, an attacker would need to send maliciously malformed messages to the Lotus Domino server over a variety of protocols, as indicated below. However, in specific situations, it may be possible to execute arbitrary code. In the case of ZDI-11-051 (SPR# PRAD82YJW2), malicious users could supply damaged cai: URIs to facilitate execution of arbitrary code in Notes. Refer to the table for more information on each vulnerability, including the SPR number for tracking purposes and, where applicable, fix availability.