IBM Lotus heap corruption vulnerability

by Mario Miri on April 4th, 2003

IBM Lotus Domino and Notes Client are vulnerable to a heap corruption attack. This is possible due to a bug in the NotesRPC service, which is responsible for user authentication. An attacker can manipulate some authentication protocol header fields, which results in an arithmetic error that leads to a denial-of-service condition.


Vulnerable:
Lotus Domino 4.6.1
Lotus Domino 4.6.3
Lotus Domino 4.6.4
Lotus Domino 5.0
Lotus Domino 5.0.1
Lotus Domino 5.0.2
Lotus Domino 5.0.3
Lotus Domino 5.0.4 a
Lotus Domino 5.0.4
Lotus Domino 5.0.5 -French
Lotus Domino 5.0.5
Lotus Domino 5.0.6 a
Lotus Domino 5.0.6
Lotus Domino 5.0.7 a
Lotus Domino 5.0.7
Lotus Domino 5.0.8 a
Lotus Domino 5.0.8 -French
Lotus Domino 5.0.8
Lotus Domino 5.0.9 a
Lotus Domino 5.0.9
Lotus Domino 5.0.10
Lotus Domino 5.0.11
Lotus Notes Client R5
Lotus Notes Client 5.0
Lotus Notes Client 5.0.1
Lotus Notes Client 5.0.2
Lotus Notes Client 5.0.3
Lotus Notes Client 5.0.4
Lotus Notes Client 5.0.5
Lotus Notes Client 5.0.9 a
Lotus Notes Client 5.0.10
Lotus Notes Client 5.0.11


Not vulnerable:
Lotus Domino 5.0.12
Lotus Domino 6.0
Lotus Domino 6.0.1
Lotus Notes Client R6
Lotus Notes Client 6.0
Lotus Notes Client 6.0.1


Solution:
An upgrade to a non-vulnerable version is required. Upgrades are available from the official product site.

Discovered by:
Rapid7, Inc.

