Technical Description

Multiple vulnerabilities were identified in IBM Lotus Domino, which could be exploited by attackers to cause a denial of service and possibly execute arbitrary commands.

The first issue is due to a buffer overflow error in CD to MIME Conversion, which could be exploited by attackers to crash the router service and possibly execute arbitrary commands.

The second flaw is due to a stack overflow error in Domino for AIX when processing an overly long formula in "Design", which could be exploited by attackers to cause a denial of service and possibly execute arbitrary commands.

Other vulnerabilities were reported in dunzip32.dll, libraryAgents, Directory Services, IMAP and Web Servers, which could be exploited by attackers to cause a denial of service.

Affected Products

IBM Lotus Domino versions prior to 6.5.5
IBM Lotus Notes versions prior to 6.5.5

Solution

Upgrade to IBM Lotus Domino version 6.5.5 :
http://www-10.lotus.com/ldd/r5fixlist.nsf/Public?OpenView

Upgrade to IBM Lotus Notes version 6.5.5 :
http://www-10.lotus.com/ldd/r5fixlist.nsf/Public?OpenView

References

http://www.vupen.com/english/advisories/2006/0081
http://www-1.ibm.com/support/docview.wss?uid=swg27007054
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/d1150fc9c5dec8b18525709200001da6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/50c634bfe193efa5852570e4001baace?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/071ee9775bb54a3c852570e4001bac62?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument

Credits

Vulnerabilities reported by the vendor and Juha-Matti Laurio

ChangeLog

2006-01-06 : Initial release
2006-09-07 : Updated Advisory

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.