J-Security Center

Title: IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

Severity: CRITICAL

Description:

IBM Lotus Domino Server is an application framework for Web-based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

A remote format string vulnerability affects IBM Lotus Domino Server. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.

The problem presents itself during Lotus Notes authentication with an affected Domino server using the Notes Remote Procedure Call (NRPC) protocol. The second packet that the client transmits, once the TCP connection is established, contains a distinguished name, for example: 'CN=example/o=acme'. If this distinguished name contains a format specifier, it is passed to vsprintf() as the format string.

Reportedly this issue can only be leveraged to trigger a denial of service; however, due to its nature, it is likely that it will facilitate code execution as well.

Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected application; typically, the application runs with escalated privileges.
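The bug class described above (a peer-supplied name reaching vsprintf() as the format string) and its fix, shown as an added example that is not Domino or Juniper code. The function names fmt_into, log_peer_name and dn_has_format_spec are hypothetical, and the screening check assumes '%' is not expected in names the server accepts.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a server's printf-style logging helper. */
static int fmt_into(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);   /* bounded, unlike vsprintf() */
    va_end(ap);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;  /* -1: error or truncated */
}

/*
 * Bug class from the advisory (do not do this): the peer-supplied name is
 * the format string, so any conversion in it is interpreted:
 *     fmt_into(out, n, dn);
 * Fixed form: constant format, peer data only ever passed as an argument.
 */
int log_peer_name(char *out, size_t n, const char *dn)
{
    return fmt_into(out, n, "peer name: %s", dn);
}

/* Screening check (assumption: '%' is not expected in accepted names). */
int dn_has_format_spec(const char *dn)
{
    return strchr(dn, '%') != NULL;
}

int main(void)
{
    /* Constructed sample names; the first is the advisory's own example. */
    const char *samples[] = { "CN=example/o=acme", "CN=%d/o=acme" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (log_peer_name(line, sizeof line, samples[i]) == 0)
            printf("%s [%s]\n", line,
                   dn_has_format_spec(samples[i]) ? "FLAG" : "ok");
    }
    return 0;
}
```

With the constant format, a name containing a conversion is copied out literally, and the screening function gives a cheap signal for logging or rejecting such names before they reach any formatting code.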

Affected Products:

  • IBM Lotus Domino 6.0.0
  • IBM Lotus Domino 6.0.1
  • IBM Lotus Domino 6.0.2
  • IBM Lotus Domino 6.0.2 CF2
  • IBM Lotus Domino 6.0.3
  • IBM Lotus Domino 6.5.0 .0
  • IBM Lotus Domino 6.5.1
  • IBM Lotus Domino 6.5.2
  • IBM Lotus Domino 6.5.3
