|
Systems Affected
IBM Domino 8.5.x before 8.5.3 Fix Pack 6 Interim Fix 6
IBM Domino 8.5.x before 8.5.1 Fix Pack 5 Interim Fix 3, 8.5.2 before Fix Pack 4 Interim Fix 3, 8.5.3 before Fix Pack 6 Interim Fix 6
IBM Domino 9.x before 9.0.1 Fix Pack 3 Interim Fix 1
IBM Domino 9.0 before Interim Fix 7, and 9.0.1 before Fix Pack 2 Interim Fix 3
Threat Level
Overview
Multiple vulnerabilities have been reported in IBM Domino which could be exploited by an attacker to gain elevated privileges, create a buffer overflow and execute arbitrary code on the targeted system.
Description
1. IBM Domino LDAP Server Remote Code Execution Vulnerability ( CVE-2015-0117 )
The vulnerability exists in IBM Domino due to an unspecified error in LDAP server. A remote attacker could exploit this vulnerability by sending specially crafted data to trigger a buffer overflow in the LDAP server which could allow the attacker to execute arbitrary code on the targeted system.
2. IBM Domino SSLv2 Remote Code Execution Vulnerability ( CVE-2015-0134 )
The vulnerability exists in IBM Domino due to an unspecified error in SSLv2 implementation. A remote attacker could exploit this vulnerability by sending specially crafted data to trigger a buffer overflow in the SSLv2 implementation which could allow the attacker to execute arbitrary code on the targeted system.
3. IBM Domino Notes System Diagnostic (NSD) Privilege Escalation Vulnerability ( CVE-2015-0179 )
The vulnerability exists in IBM Notes and Domino NSD which could allow an authenticated local user to gain administrative privileges on the targeted system.
Impact
Solution/ Workarounds
Apply appropriate patches as mentioned in the IBM Security Bulletin
http://www-01.ibm.com/support/docview.wss?uid=swg21700029
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
