| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201112310140.pBV1e2Wd032389-pBV1e2Wf032389@smtp.fortinet.com>
Date: Sat, 31 Dec 2011 09:40:10 +0800
From: "noreply-secresearch@...tinet.com"<noreply-secresearch@...tinet.com>
To: "full-disclosure" <full-disclosure@...ts.grok.org.uk>,
"bugtraq" <bugtraq@...urityfocus.com>
Subject: [FG-VD-11-007]IBM Lotus Notes/Domino Server
Remote Denial of Service Vulnerability
[FG-VD-11-007]IBM Lotus Notes/Domino Server Remote Denial of Service Vulnerability
2011.December.30
Summary:
Fortinet's FortiGuard Labs has discovered a Remote Denial of Service Vulnerability in IBM Lotus Notes/Domino Server.
Impact:
Remote Denial of Service
Risk:
High (CVSS Base Score:7.8)
Affected Software:
IBM Lotus Domino Server
8.5.2 FP3 and earlier
8.5.1
8.5
8.0.x
Additional Information:
The vulnerability occurs while IBM Lotus Notes/Domino Server handles malformed TCP packet. Successful exploitation could cause the server
crash instantly.
Solutions:
==========
Use the solution provided by IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21575247
Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this Remote Denial Of Service
vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such
as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and
network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to
deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are
delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure
optimum protection during a threat's lifecycle.
Acknowledgement:
================
Xiaopeng Zhang of Fortinet's FortiGuard Labs
References:
===========
http://www.fortiguard.com/advisory/FGA-2011-40.html
http://www-01.ibm.com/support/docview.wss?uid=swg21575247
CVE ID: CVE-2011-1393
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1393
*** Please note that this message and any attachments may contain confidential
and proprietary material and information and are intended only for the use of
the intended recipient(s). If you are not the intended recipient, you are hereby
notified that any review, use, disclosure, dissemination, distribution or copying
of this message and any attachments is strictly prohibited. If you have received
this email in error, please immediately notify the sender and destroy this e-mail
and any attachments and all copies, whether electronic or printed.
Please also note that any views, opinions, conclusions or commitments expressed
in this message are those of the individual sender and do not necessarily reflect
the views of Fortinet, Inc., its affiliates, and emails are not binding on
Fortinet and only a writing manually signed by Fortinet's General Counsel can be
a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists