SecurityTracker.com
Category:   Application (Generic)  >   IBM iNotes and Domino
Vendors:   IBM
IBM Lotus Domino GIF File Processing Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1033974
SecurityTracker URL:  http://securitytracker.com/id/1033974
CVE Reference:   CVE-2015-4994, CVE-2015-5040
Date:  Oct 27 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.5.1, 8.5.2, 8.5.3, 9.0, 9.0.1
Description:   Two vulnerabilities were reported in IBM Lotus Domino. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create a specially crafted GIF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target SMTP server.

The vendor has assigned SPR KLYH9ZDKRE and KLYH9ZTLEZ to these vulnerabilities.

Saran Neti of TELUS Security Labs reported this vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target system.
Solution:   IBM has issued a fix (8.5.3 Fix Pack 6 Interim Fix 10, 9.0.1 Fix Pack 4 Interim Fix 3).

The IBM advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21969050

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21969050
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.

