IBM Fixes Flaws in Notes E-Mail, Domino Server
IBM Corp. patched four vulnerabilities in its Notes and Domino e-mail software to plug holes that could be used to access information or infect systems with malicious code.
Collectively ranked as "moderately critical" by Danish bug tracker Secunia ApS, the four vulnerabilities involve Notes' IMAP service; its scripting language, LotusScript; the Domino server's command console; and how both Notes and Domino map memory in Windows when they're used in a shared environment such as Citrix.
"Lotus Domino is prone to a vulnerability that may allow attackers to access other users' sessions," said Symantec Corp. in a advisory posted Wednesday. A Symantec researcher, Ollie Whitehouse, was credited with reporting the memory mapping bug to IBM.
"If the Lotus Notes client is used in a Microsoft Terminal Services or Citrix environment, users can read each other's Lotus Notes session data, including items such as e-mail," the Symantec advisory said. "This vulnerability could also be used to write to the memory mapped files, [allowing] an attacker to potentially inject active content such as Lotus Script."
Attackers could exploit the IMAP (Internet Message Access Protocol) bug to cause a buffer overflow, which would then allow them to execute malicious code remotely. "Under Windows, the privileges gained are, by default, that of the SYSTEM user," said iDefense in a warning posted Wednesday. "This allows an attacker to take complete control of the compromised system."
The caveat: Attackers must have valid logon credentials for the IMAP service. Those, however, could be obtained in a phishing attack; alternately, a disgruntled employee with access to IMAP could launch an attack.
IBM issued security bulletins Wednesday for each vulnerability, and provided links to updates to versions 7.0.3 and 8.0.that patch the problems. The updates can also be downloaded from the Lotus Upgrade Central Web site.