In association with heise online

22 July 2011, 14:43

iCal messages crash Lotus Domino server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM Logo IBM is warning users of a vulnerability in its Lotus Domino product that could be exploited to crash the server. According to the company, an attacker could send a specially crafted iCal message to a Domino server, causing the Router task to utilise 100 per cent of the CPU. When the message is opened in the Notes client, both the client and server will crash. The server will restart, exhaust resources and crash again, repeatedly. The flaw allows for Denial of Service (DoS) attacks on the server.

Versions up to and including Lotus Notes/Domino 8.5.2 Fix Pack 2 (FP2) are reportedly affected. IBM has provided an interim fix in Domino 852FP2IF1. Alternatively, users can upgrade to Lotus Notes/Domino 8.5.2 Fix Pack 3 (FP3), which was released on Monday, to close the hole.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit