ZDNet UK



IBM in triple security alert

Winston Chai, CNet Asia

Published: 12 Mar 2003 15:27 GMT


A trio of loopholes found in Big Blue's Lotus Notes and Domino application server could have severe safety repercussions, warns US-based security research firm Rapid7.

"The impact of these vulnerabilities ranges from denial of service to potentially gaining full remote control of the Domino server," Rapid7 said in a statement.

"In some situations, crashing the Domino server can also lead to corruption of Lotus Notes databases, including names and address books," the company added.

Rapid7 is urging systems administrators to upgrade their Lotus Notes software to rectify these flaws, which span multiple versions of the product.

Users of R5.0.11 or earlier are advised to upgrade to version R5.0.12, a fixed version which was released by IBM two weeks ago.

Customers using the pre-release versions of Lotus Notes R6 are also affected, and are advised to switch to the newer R6.0.1.

While Rapid7 first issued the security warning last week, the company will only release full details of these vulnerabilities later today.

This is to give system administrators time to fix their systems, the company said.

The practice of delaying full disclosure of such security information is not unusual. Security firms typically do this to prevent malicious users from exploiting the known vulnerabilities before end-users are able to apply the patches.

This is not the first security alarm bell sounded for the software giant's Lotus Notes and Domino server platforms.

Last month, UK-based security consultant Next Generation Security Software also highlighted similar flaws which allow hackers to run malicious code on computers running IBM's Lotus Domino or iNotes software.

When contacted, an IBM spokesman said the fixes for these vulnerabilities have been thoroughly tested and distributed to its customers via maintenance releases such as R6.0.1 and R5.0.12.

"To date, none of our customers have expressed any concern over this," said Erik Elzerman, director of software for IBM ASEAN and South Asia.

Lotus support downloads are available from IBM's Web site.

