IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

Bugtraq ID:	13446
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 29 2005 12:00AM
Updated:	Apr 29 2005 12:00AM
Credit:	Ollie Whitehouse of Symantec is credited with the discovery of this issue.
Vulnerable:	IBM Lotus Domino 6.5.3 IBM Lotus Domino 6.5.2 IBM Lotus Domino 6.5.1 IBM Lotus Domino 6.5 .0 IBM Lotus Domino 6.0.3 IBM Lotus Domino 6.0.2 CF2 IBM Lotus Domino 6.0.2 IBM Lotus Domino 6.0.1 IBM Lotus Domino 6.0
Not Vulnerable:	IBM Lotus Domino 6.5.4 IBM Lotus Domino 6.0.5

IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

A remote format string vulnerability affects IBM Lotus Domino Server. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.

Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected application; typically the application runs with escalated privileges.

IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

Solution:
The vendor has released upgrades dealing with this issue. Users are advised to contact the vendor for more information on obtaining upgraded software. For more information, please see the reference section.

IBM Lotus Domino Server Notes Remote Procedure Call Remote Format String Vulnerability

References:

• Lotus Domino Product Homepage (IBM)
  
• Potential Denial of Service Vulnerability During Notes Authentication (IBM)