Info

Disclosure

Apr 06, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Lotus Notes client contains a flaw that may allow a local denial of service. The issue is caused by an overflow condition triggered from processing the notes.ini configuration file, and may result in loss of availability. The issue can only be triggered by an attacker with local access to notes.ini and used to create a denial of service condition.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.5.4 or 6.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	Lotus Notes	6.5.3
		6.0.4

References

Security Tracker: 1013841
Secunia Advisory ID: 14879
Related OSVDB ID: 15364 15365 15366
CVE ID: 2005-1442 (see also: NVD)
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526
Vendor URL: http://www.lotus.com/products/product4.nsf/wdocs/dominohomepage

Credit

Ollie Whitehouse - ollie_whitehousesymantec.com - Symantec Corp.

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

Lotus Notes

References

Credit