Security

Security bulletins

Security bulletins - archive

Articles and IBM Redbooks

	2006
	2005
	2004
	2003
	2002
	2001
	2000

Security bulletins provide important information about Lotus software products, including known security issues, troubleshooting tips, and more. Security bulletins come from the Lotus Support site.

December 2006

• Understanding Notes/Domino Java Archive (JAR) file signing

November 2006

• IBM Lotus Domino tunekrnl overflow vulnerabilities
• IBM Lotus Notes information leakage on port 1352

October 2006

• Secunia 19537: IBM Lotus Notes insecure default permissions

September 2006

• IBM Lotus Notes File Viewer Overflow Vulnerability (dunzip32.dll)
• AltCopyTo and INetCopyTo fields may be out of sync when using "Reply to All"

July 2006

• Replies to email messages from/to alternate name users may be sent to recipients deleted from the To, cc and bcc fields and show names of users to whom the message was not delivered

June 2006

• Lotus Domino SMTP Based Denial of Service Vulnerability

April 2006

• Wrong Alternate name information added to Contact in Personal Address Book by 'Add Sender to Address Book' action

February 2006

• Potential Denial of Service Vulnerability in Domino LDAP Server Task
• Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers
• Potential Script Insertion Vulnerabilities in Domino Web Access

January 2006

• Is Lotus Notes affected by the Windows Meta File vulnerability reported in Microsoft Security Advisory # 912840?

Back to top

September 2005

• Validating Domino Frameset Src Arguments
• Cross Site Scripting Vulnerability Addressed in Domino 6.5.4 FP1 and 7.0

August 2005

• Does the PasswordDigest field contain a hashed value of the user's Notes ID password?

July 2005

• CYBSEC Advisory: Default Configuration Information Disclosure in Lotus Domino
• Bugtraq posted titled "Cross site scripting in Lotus Notes web mail"

April 2005

• Long String of UNICODE 430 Characters Reported to Cause Denial of Service on Domino Web Server
• CERT VU#699798 - Lotus Domino allows HTTP header injection
• Potential Denial of Service Vulnerability During Notes Authentication
• Buffer Overruns in Certain Date Fields Cause Domino Server Crash
• Potential Denial of Service Vulnerability in Notes Client

Back to top

October 2004

• Response to the "IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )" advisory on Bugtraq

September 2004

• Does Microsoft Security Bulletin MS04-028: "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)" affect IBM Lotus software Customers?
• MIME Vulnerability Advisory by NISCC Posted September 13, 2004

July 2004

• Security vulnerabilities reported with Java applets
• Lotus Domino Web Access malicious email view remote Denial of Service vulnerability
• Setting mail database quota via Telnet on IMAP overrides settings
• Web Authentication Using Soundex Values May Increase the Risk of a Brute Force Attack
• Potential DOS Vulnerability SSL with IBM Lotus Instant Messaging and Web Conferencing (Sametime) 3.x and 6.5.1

June 2004

• Cross-site Scripting Vulnerability Addressed in 6.0.4 and 6.5.2
• Lotus Notes URI Handler Argument Injection Vulnerability

March 2004

• Webadmin.nsf Vulnerabilites Reported in Advisory

January 2004

• Are file permissions appropriately set for Lotus Domino configuration files on the Linux platform during installation?

Back to top

November 2003

• S/MIME Vulnerability Advisory by NISCC

October 2003

• SSL Vulnerability Advisory by NISCC

August 2003

• IBM Lotus Sametime 1.5 Encryption Vulnerabilities

March 2003

• Response to "Lotus Domino DOT Bug Allows for Source Code Viewing"
• Web Retriever Buffer Overflow May Cause Denial of Service
• Buffer Overflow During Notes Authentication to Domino Server
• Lotus Domino is not vulnerable to Remote Buffer Overflow in Sendmail
• Preventing SMTP Denial of Service Attacks from Specified IP Addresses

February 2003

• Lotus Domino Web Server iNotes Overflow; reported by NGSS
• Lotus Domino Denial of Service Attacks; reported by NGSS
• Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability; reported by NGSS
• Lotus iNotes Web Access Buffer Overrun; reported by NGSS
• Lotus iNotes Client ActiveX Control Buffer Overrun; Reported by NGSS

Back to top

March 2002

• Buffer Overflow Vulnerability during Authentication to Domino Web Server
• Domino R5 SMTP "Denial of Service" Attack Caused by Routing Loop
• Lotus Domino PATH Buffer Overflow Vulnerability
• Lotus Domino Arbitrary File Creation Vulnerability
• Lotus Domino Notes_ExecDirectory Buffer Overflow Vulnerability

February 2002

• Lotus Domino Information Disclosure Vulnerability
• Lotus Domino SNMP Agents R5.0.1a
• Lotus Domino Remote Authentication Bypass Vulnerability
• Lotus Domino User Name Enumeration Vulnerability
• Lotus Domino Web Server DOS-Device Denial of Service Vulnerability

Back to top

December 2001

• Reported Denial of Service Attack using Malformed URL
• Lotus Domino SunRPC Denial of Service Vulnerability

November 2001

• Access to Web Administrator Template via ReplicaID
• Usage of the $DefaultNav Syntax with the Domino Web Server
• Usage of Domino View Access Control Lists (ACLs)

October 2001

• Controlling the Execution of Potentially Malicious Code in Notes Mail Messages
• C API Program Can Extract File Attachments from Documents Regardless of Reader Name Access Controls

July 2001

• Domino R5 SMTP Server Buffer Overflows if Domain Restrictions are Enabled

April 2001

• Q&A: BugTraq "Lotus Notes Stored Form Vulnerability"

February 2001

• Domino R5 Server or Router Crashes in ccSTRAtoi When Processing Malformed HTML Code

January 2001

• Lotus Response to Domino Server Directory Traversal Vulnerability
• Lotus Response to Reported Security Vulnerability (ACLs)

Back to top

July 2000

• Response to DefCon 8.0 Presentation on Domino Security Vulnerability

Back to top