Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes authentication processing
Detlev Poettgen December 21 2011 08:46:12 PM
Time to install an update now, at the very latest :-(
Security Advisory CVE ID: CVE-2011-1393
Fortiguard contacted IBM to report a denial of service attack when a malicious packet is supplied to the Domino Server via Notes RPC. For more information, see Fortiguard Advisory FG-VD-11-007 at http://www.fortiguard.com/. If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specific operation. Note: the use case cited by Fortiguard is very rare and, as such, requires careful coordination by the attacker.
Resolving the problem
Affected versions
The following releases of IBM Lotus Domino Server are susceptible to this malicious attack:
8.5.2 FP3 and earlier
8.5.1
8.5
8.0.x
Recommended Fix
FG-VD-11-007 has been investigated by IBM and is tracked in SPR# KLYH8FTK5Y. To address the issues, you are encouraged to apply the following IBM Lotus Domino Server releases:
8.5.3
8.5.2 Fix Pack 4 (or later Fix Packs)
Workarounds
None
http://www-01.ibm.com/support/docview.wss?uid=swg21575247&myns=swglotus&mynp=OCSSKTMJ&mync=R
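Since the advisory offers no workaround, the practical step is finding which servers still run an affected release. The following is an added example, not part of the IBM advisory or the original post: a Python triage of release strings against the lists above. The host names, the "Release ..." string format and the treatment of every 8.5 and 8.5.1 fix pack as affected are assumptions.

```python
import re

# Finds "8.5.2FP3", "8.5.2 Fix Pack 4", "8.5" or "8.0.2" inside a release string.
_RELEASE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?\s*(?:(?:FP|Fix\s*Pack)\s*(\d+))?",
    re.IGNORECASE,
)

def parse_release(text):
    """Return (major, minor, patch, fix_pack), or None if nothing parses."""
    m = _RELEASE.search(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Map a release string to the advisory's affected / fixed lists."""
    rel = parse_release(text)
    if rel is None:
        return "unparsed"
    major, minor, patch, fix_pack = rel
    if (major, minor) == (8, 0):
        return "affected"                      # 8.0.x
    if (major, minor) == (8, 5):
        if patch in (0, 1):
            return "affected"                  # 8.5, 8.5.1 (assumed: any fix pack)
        if patch == 2:                         # 8.5.2 FP3 and earlier vs. FP4 or later
            return "affected" if fix_pack <= 3 else "fixed"
        if patch == 3:
            return "fixed"                     # 8.5.3
    return "not listed"                        # the advisory says nothing either way

def triage(inventory):
    """inventory: {host: release string} -> {host: status}."""
    return {host: classify(rel) for host, rel in inventory.items()}

# Constructed sample inventory (hypothetical hosts and string format).
SAMPLE = {
    "mail01": "Release 8.5.2FP3",
    "mail02": "Release 8.5.2 Fix Pack 4",
    "hub01": "Release 8.5.3",
    "app01": "Release 8.0.2",
    "app02": "Release 8.5.1FP5",
    "old01": "Release 7.0.4",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:8} {SAMPLE[host]:26} {status}")
```

Hosts reported as "not listed" or "unparsed" need a manual check, because the advisory only covers the releases it names.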