Security Alert (A15-10-07): Multiple Vulnerabilities in IBM Domino


 

Published on: 26 October 2015

Description:

IBM has issued a security bulletin to address two GIF parsing buffer overflow vulnerabilities in IBM Domino. A remote attacker could exploit these vulnerabilities by sending a specially crafted GIF image in email to a vulnerable Domino SMTP server.


Affected Systems:

  • IBM Domino 9.0.1 Fix Pack 4 Interim Fix 2 and earlier
  • IBM Domino 8.5.3 Fix Pack 6 Interim Fix 9 and earlier
  • All 9.0.0x, 8.5.2x and 8.5.1x releases of IBM Domino

Impact:

Successful exploitation could lead to arbitrary code execution and system crash.


Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URL:

  • Notes & Domino 9.0.1 Fix Pack 4 (Interim Fix 3 for Domino)
    http://www.ibm.com/support/docview.wss?uid=swg21657963

  • Notes & Domino 8.5.3 Fix Pack 6 (Interim Fix 10 for Domino)
    http://www.ibm.com/support/docview.wss?uid=swg21687167


More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg21969050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5040



Tag: IBM , Domino
Tags