Multiple Vulnerabilities in IBM Domino

 

Systems Affected


IBM Domino 8.5.x before 8.5.3 Fix Pack 6 Interim Fix 6
IBM Domino 8.5.x before 8.5.1 Fix Pack 5 Interim Fix 3, 8.5.2 before Fix Pack 4 Interim Fix 3, 8.5.3 before Fix Pack 6 Interim Fix 6
IBM Domino 9.x before 9.0.1 Fix Pack 3 Interim Fix 1
IBM Domino 9.0 before Interim Fix 7, and 9.0.1 before Fix Pack 2 Interim Fix 3

Threat Level


High


Overview


Multiple vulnerabilities have been reported in IBM Domino that could be exploited by an attacker to gain elevated privileges, trigger a buffer overflow, and execute arbitrary code on the targeted system.


Description


1. IBM Domino LDAP Server Remote Code Execution Vulnerability (CVE-2015-0117)
The vulnerability exists in IBM Domino due to an unspecified error in the LDAP server. A remote attacker could exploit this vulnerability by sending specially crafted data to trigger a buffer overflow in the LDAP server, which could allow the attacker to execute arbitrary code on the targeted system.

2. IBM Domino SSLv2 Remote Code Execution Vulnerability (CVE-2015-0134)
The vulnerability exists in IBM Domino due to an unspecified error in the SSLv2 implementation. A remote attacker could exploit this vulnerability by sending specially crafted data to trigger a buffer overflow in the SSLv2 implementation, which could allow the attacker to execute arbitrary code on the targeted system.

3. IBM Domino Notes System Diagnostic (NSD) Privilege Escalation Vulnerability (CVE-2015-0179)
The vulnerability exists in IBM Notes and Domino NSD and could allow an authenticated local user to gain administrative privileges on the targeted system.


Impact



Solution/Workarounds


Apply the appropriate patches as mentioned in the IBM Security Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21700029


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.