----------------------------------------------------------------------

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Lotus Notes/Domino Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA14879

VERIFY ADVISORY:
http://secunia.com/advisories/14879/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
>From remote

SOFTWARE:
IBM Lotus Notes 6.x
http://secunia.com/product/388/
IBM Lotus Domino 6.x
http://secunia.com/product/720/

DESCRIPTION:
Some vulnerabilities have been reported in Lotus Notes/Domino, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

1) A boundary error within the Domino Server when processing certain
time/date fields, which can be updated from the web, can be exploited
to cause a buffer overflow by passing a large amount of data.

According to the vendor, successful exploitation crashes the Domino
server. Code execution has reportedly not been proven.

2) A format string error in the Domino server when handling
authentication using the NRPC Notes protocol can be exploited via a
specially crafted string containing format specifiers.

According to the vendor, successful exploitation crashes the Domino
server. Code execution has reportedly not been proven.

3) An unspecified boundary error in NOTES.INI on a Lotus Notes client
can be exploited to cause a buffer overflow.

According to the vendor, successful exploitation causes the client to
crash, but requires local access to the NOTES.INI file. Code execution
has reportedly not been proven.

4) An error in the @SetHTTPHeader function can be exploited to inject
arbitrary content into the header and potentially conduct HTTP
response splitting attacks or proxy cache poisoning.

According to the vendor, the vulnerable function is only available to
application developers, and successful exploitation requires the
ability to install a malicious application on the Lotus Domino
server.

SOLUTION:
Update to Lotus Notes and Domino release 6.5.4 or 6.0.5.

PROVIDED AND/OR DISCOVERED BY:
1) Mark Litchfield, NGS Software.
2-3) Ollie Whitehouse, Symantec.
4) Juan C Calderon

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------