Security Alert (A15-05-01): Multiple Vulnerabilities in IBM Notes, iNotes and Domino


 

Published on: 12 May 2015

  
  

Description:

IBM has issued a security bulletin to address two image parsing buffer overflow vulnerabilities in IBM Domino and one cross-site scripting vulnerability in the IBM Dojo Toolkit in IBM Notes, iNotes and Domino. A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted URL to execute scripts or sending a specially crafted bitmap (.BMP) image to the vulnerable Domino SMTP server.

 

Affected Systems:

  • IBM Notes and Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
  • IBM Notes and Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
  • All 9.0 and 8.5.x releases of IBM Domino prior to those listed above

 

Impact:

Successful exploitation could lead to arbitrary code execution, retrieval of sensitive information and system crash.

 

Recommendation:

The vendor has released fixes to address the issue and they can be downloaded at the following URL:

  • Notes & Domino 9.0.1 Fix Pack 3 (Interim Fix 4 for Notes and Interim Fix 3 for Domino)
    http://www.ibm.com/support/docview.wss?uid=swg21657963

  • Notes & Domino 8.5.3 Fix Pack 6 (Interim Fix 7)
    http://www.ibm.com/support/docview.wss?uid=swg21663874

 

More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg21883245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1903
 



Tag: IBM , IBM Notes , Domino
Tags