Lotus Domino Memory Mapped Files Arbitrary Access Vulnerability

Bugtraq ID:	26146
Class:	Access Validation Error
CVE:	CVE-2007-5544
Remote:	No
Local:	Yes
Published:	Oct 23 2007 12:00AM
Updated:	Oct 25 2007 02:26AM
Credit:	Ollie Whitehouse of Symantec is credited with the discovery of this vulnerability.
Vulnerable:	IBM Lotus Notes 6.5.6 IBM Lotus Notes 8.0 IBM Lotus Notes 7.0.2 FP1 IBM Lotus Notes 6.5.5 FP3 IBM Lotus Domino 7.0.3 IBM Lotus Domino 6.5.6 IBM Lotus Domino 6.5.5 FP3 IBM Lotus Domino 8.0
Not Vulnerable:

Lotus Domino Memory Mapped Files Arbitrary Access Vulnerability

Lotus Domino is prone to a vulnerability that may allow attackers to access other users' sessions.

An attacker could exploit this issue to read or write content to arbitrary Lotus Notes sessions when deployed in a shared environment.

Lotus Domino Memory Mapped Files Arbitrary Access Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Lotus Domino Memory Mapped Files Arbitrary Access Vulnerability

Solution:
The vendor released updates to address this issue. Please see the references for more information.

Lotus Domino Memory Mapped Files Arbitrary Access Vulnerability

References:

• IBM Lotus Domino Web Access Home Page (IBM )
  
• IBM Lotus Notes Homepage (IBM)
  
• SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability ([email protected])
  
• Potential vulnerability in Notes/Domino memory mapped files (IBM)