Dennis' Domino Blog

IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

Permalink 12/01/11 08:22, by Dennis van Remortel, Categories: Administration, IBM, security
Via SecurityFocus:
Bugtraq ID: 46985
Class: Unknown
CVE: CVE-2011-1519
Remote: Yes
Local: No
Published: Mar 22 2011 12:00AM
Updated: Dec 01 2011 06:36AM
Credit: Patrik Karlsson
Vulnerable: IBM Lotus Domino 8.5.3
IBM Lotus Domino 8.5.2
IBM Lotus Domino 8.5.1 Fix Pack 2
IBM Lotus Domino 8.5.1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2 Fix Pack 5
IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.0.1
IBM Lotus Domino 7.0.4
IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1)
IBM Lotus Domino 7.0.3
IBM Lotus Domino 7.0.2 FP3
IBM Lotus Domino 7.0.2 FP2
IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 7.0.1
IBM Lotus Domino 7.0
IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.5.5 FP3
IBM Lotus Domino 6.5.5 FP2
IBM Lotus Domino 6.5.5 FP1
IBM Lotus Domino 6.5.5
IBM Lotus Domino 6.5.4 FP 2
IBM Lotus Domino 6.5.4 FP 1
IBM Lotus Domino 6.5.4
IBM Lotus Domino 6.5.3
IBM Lotus Domino 6.5.2 FP 1
IBM Lotus Domino 6.5.2
IBM Lotus Domino 6.5.1
IBM Lotus Domino 6.5.0
IBM Lotus Domino 6.0.5
IBM Lotus Domino 6.0.4
IBM Lotus Domino 6.0.3
IBM Lotus Domino 6.0.2 CF2
IBM Lotus Domino 6.0.2
IBM Lotus Domino 6.0.1
IBM Lotus Domino 6.0
IBM Lotus Domino 5.0.13
IBM Lotus Domino 8.5.2 FP3
IBM Lotus Domino 8.5.1.1
IBM Lotus Domino 8.5.0.1
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2.4
IBM Lotus Domino 8.0.2.3
IBM Lotus Domino 8.0.2.2
IBM Lotus Domino 8.0.2.1
IBM Lotus Domino 8.0
IBM Lotus Domino 0
Not Vulnerable:


IBM Lotus Domino is prone to a remote authentication-bypass vulnerability.

Successfully exploiting this issue will allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

The following exploit is available:

Solution:

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
