iCal messages crash Lotus Domino server
IBM is warning users of a vulnerability in its Lotus Domino product that could be exploited to crash the server. According to the company, an attacker could send a specially crafted iCal message to a Domino server, causing the Router task to utilise 100 per cent of the CPU. When the message is opened in the Notes client, both the client and server will crash. The server will restart, exhaust resources and crash again, repeatedly. The flaw allows for Denial of Service (DoS) attacks on the server.
Versions up to and including Lotus Notes/Domino 8.5.2 Fix Pack 2 (FP2) are reportedly affected. IBM has provided an interim fix in Domino 852FP2IF1. Alternatively, users can upgrade to Lotus Notes/Domino 8.5.2 Fix Pack 3 (FP3), which was released on Monday, to close the hole.
- Domino Server crash on router task while processing iCal message, security advisory from IBM.