Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2006 > CIAC INFORMATION BULLETIN: 1229918 - IBM - Potential Buffer Overflow and Directory Traversal Vulnerabilities

February 2006

CIAC INFORMATION BULLETIN: 1229918 - IBM - Potential Buffer Overflow and Directory Traversal Vulnerabilities

ID: 00145
Ref: 143/2006
Date: 17 February 2006:11:23:33
Version: 1
Title: CIAC INFORMATION BULLETIN: 1229918 - IBM - Potential Buffer Overflow and Directory Traversal Vulnerabilities
Abstract: Several buffer overflow vulnerabilities and one directory traversal vulnerability in the Key View viewers used in Lotus Notes.
Vendors affected: CIAC
Operating systems affected: CIAC
Applications affected: CIAC
Title
=====

CIAC INFORMATION BULLETIN: 1229918 - IBM - Potential Buffer Overflow and Directory
Traversal Vulnerabilities

Detail
======

Several buffer overflow vulnerabilities and one directory traversal vulnerability
in the Key View viewers used in Lotus Notes.




- -----BEGIN PGP SIGNED MESSAGE-----


__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________

INFORMATION BULLETIN

IBM - Potential Buffer Overflow and Directory Traversal Vulnerabilities
[1229918]

February 16, 2006 20:00 GMT Number Q-131
______________________________________________________________________________
PROBLEM: Several buffer overflow vulnerabilities and one directory
traversal vulnerability inthe Key View viewers used in Lotus
Notes.
PLATFORM: Product categories:
Software
Messaging Applications
Advanced Messaging
Lotus Notes
Operating system(s):
Windows Software version: 6.0.5, 7.0, 6.0.1.1, 6.5.4, 6.0.4, 6.0.1.2,
6.5, 6.5.3.1, 6.5.1, 6.0.1.3, 6.5.2, 6.5.2.1, 6.5.3, 6.0.2.1,
6.0.3, 6.0.2.2, 6.0, 6.0.1
DAMAGE: A buffer Overflow and directory traversal vulnerability.
SOLUTION: Follow the product work around.
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. To successfully exploit these issues, an
ASSESSMENT: attacker would need to send a specially crafted file attachment
to users, and the users would have to double click and "View"
the attachment.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-131.shtml
ORIGINAL BULLETIN: IBM - 1229918
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CVE-2005-2618
______________________________________________________________________________


- -----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBQ/Tm67nzJzdsy3QZAQF+bgP/Wi3QFpK3Vp954mAo+YQJHry2V9Pntjrk
Gu9SGZPBikCzXu5Q6Ri4+4fs2rVoHjvaUd4SD1sgp8Sl+95hV7+QZsmvCETvWQr7
WMTn8gAsbrg/yaCKbyyOnXlpjuYqkHemjsSBNy4NLi5vX6/OvqG0sWY5NPLuYJWF
1GcZ5SVCSHY=
=M5xW
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |