
IBM in triple security alert

Winston Chai CNet Asia

Published: 12 Mar 2003 15:27 GMT


A trio of loopholes found in Big Blue's Lotus Notes and Domino application server could have severe safety repercussions, warns US-based security research firm Rapid7.

"The impact of these vulnerabilities range from denial of service to potentially gaining full remote control of the Domino server," Rapid7 said in a statement.

"In some situations, crashing the Domino server can also lead to corruption of Lotus Notes databases, including names and address books," the company added.

Rapid7 is urging systems administrators to upgrade their Lotus Notes software to rectify these flaws, which span multiple versions of the product.

Users of R5.0.11 or earlier are advised to upgrade to version R5.0.12, a fixed version which was released by IBM two weeks ago.

Customers using the pre-release versions of Lotus Notes R6 are also affected, and are advised to switch to the newer R6.0.1.

While Rapid7 first issued the security warning last week, the company will only release full details of these vulnerabilities later today.

This is to give system administrators time to fix their systems, the company said.

The practice of delaying full disclosure of such security information is not unusual. Security firms typically do this to prevent malicious users from exploiting the known vulnerabilities before end-users are able to apply the patches.

This is not the first security alarm bell sounded for the software giant's Lotus Notes and Domino server platforms.

Last month, UK-based security consultant Next Generation Security Software also highlighted similar flaws which allow hackers to run malicious code on computers running IBM's Lotus Domino or iNotes software.

When contacted, an IBM spokesman said the fixes for these vulnerabilities have been thoroughly tested and distributed to its customers via maintenance releases such as R6.0.1 and R5.0.12.

"To date, none of our customers have expressed any concern over this," said Erik Elzerman, director of software for IBM ASEAN and South Asia.

Lotus support downloads are available from IBM's Web site.

