Description:
A vulnerability has been found in the Notes System Diagnostic (NSD) service in the Windows versions of IBM Notes and Domino. An attacker could exploit it by sending a specially crafted command line to the NSD service via shared memory IPC.
Affected Systems:
- IBM Notes 9.0.1 to IBM Notes 9.0.1 Feature Pack 10 Interim Fix 5
- IBM Notes 9.0 to IBM Notes 9.0 Interim Fix 4
- IBM Domino 9.0.1 through 9.0.1 Feature Pack 10 Interim Fix 4
- IBM Domino 9.0 through 9.0 Interim Fix 4
Impact:
A successful attack could lead to arbitrary command execution on an affected system.
Recommendation:
The vendor has released fixes for the issue, which can be downloaded from the following URLs:
- IBM Domino 9.0.1 Feature Pack 10 Interim Fix 5
https://www-01.ibm.com/support/docview.wss?uid=swg21657963#DominoDownloads
- IBM Notes Basic 9.0.1 Feature Pack 10 Interim Fix 6
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FLotus%2FLotus+Notes&fixids=Notes_901FP10IF6_W32_Standard&source=SAR
- IBM Notes Basic 9.0.1 Feature Pack 10 Interim Fix 6
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FLotus%2FLotus+Notes&fixids=Notes_901FP10IF6_W32_Basic&source=SAR
More Information:
https://www-01.ibm.com/support/docview.wss?uid=ibm10743405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1771