Fix Pack eliminates vulnerabilities in IBM’s Lotus Domino
IBM has released Fix Pack 2 for Lotus Domino 7.0.2 to eliminate a bug which allows database managers to exploit a vulnerability in agent signature verification to gain administrative privileges on the server. According to IBM’s security advisory on this issue, an attacker must, however, fulfil certain additional conditions to exploit this vulnerability successfully.
Fix Pack 2 eliminates this bug, and the forthcoming Lotus Domino 7.0.3 version will no longer contain this vulnerability.
Fix Pack 2 also removes a DoS vulnerability in Lotus Domino 7.0.2: Accessing certain URLs can cause a Lotus® Domino® Web Server to crash. Lotus Domino 6.5.6. is also affected by this vulnerability, for which a fix is provided with Fix Pack 3.
- Vulnerability in agent signature verification which may result in elevation of user's rights to Full Access Administrator, advisory by IBM
- Accessing certain URLs can cause the IBM Lotus Domino Web Server to crash, advisory by IBM
(mba)