Security Alert (A15-04-09): Vulnerability in IBM Domino


 

Published on: 16 April 2015

  
  

Description:

IBM has issued a security bulletin to address a vulnerability caused by a problem in processing GIF files in Domino. A remote attacker could send Internet email with specially crafted GIF files to an affected system to exploit the vulnerability without authentication.

 

Affected Systems:

  • IBM Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
  • IBM Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
  • IBM Domino 9.0 and 8.5.x prior to above

 

Impact:

Successful exploitation could lead to arbitrary code execution and system crash.

 

Recommendation:

IBM has released fixes to address the issue and they can be downloaded at the following URL:

  • IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2
    http://www.ibm.com/support/docview.wss?uid=swg21657963

  • IBM Domino 8.5.3 Fix Pack 6 Interim Fix 4
    http://www.ibm.com/support/docview.wss?uid=swg21663874

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

http://www.ibm.com/support/docview.wss?uid=swg21701647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0135
 



Tag: IBM , Domino
Tags