J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: Lotus Notes/Domino LDAP Service Vulnerabilities

Severity: CRITICAL

Description:

Lotus Domino Server is an application framework for web based collaborative software. Lotus Notes is a tool for email, calendar, scheduling and collaboration tasks. Both run on multiple platforms including Microsoft Windows and Unix.

The Lotus Notes/Domino implementation of the LDAP protocol is prone to issues that may result in the execution of attacker-supplied code.

These vulnerabilities are the issues reported in BID 3041, Lotus Domino R5 LDAP Service Buffer Overflow Vulnerabilities, and BID 3042, Lotus Domino R5 LDAP Service Format String Vulnerabilities.

These issues affect Lotus Notes/Domino R6 pre-release and beta versions as well as Lotus Domino R5.0.7 and earlier.

These issues were originally part of BID 7036. As new versions of Lotus Notes and Domino are also affected by this issue, a new BID has been assigned.

Affected Products:

  • Lotus Domino 4.6.1
  • Lotus Domino 4.6.3
  • Lotus Domino 4.6.4
  • Lotus Domino 5.0.0
  • Lotus Domino 5.0.1
  • Lotus Domino 5.0.2
  • Lotus Domino 5.0.3
  • Lotus Domino 5.0.4
  • Lotus Domino 5.0.4 a
  • Lotus Domino 5.0.5
  • Lotus Domino 5.0.5 -french
  • Lotus Domino 5.0.6
  • Lotus Domino 5.0.6 a
  • Lotus Domino 5.0.7
  • Lotus Notes Client 5.0.0
  • Lotus Notes Client 5.0.1
  • Lotus Notes Client 5.0.2
  • Lotus Notes Client 5.0.3
  • Lotus Notes Client 5.0.4
  • Lotus Notes Client 5.0.5
  • Lotus Notes Client R5

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.