Lotus Notes integrates messaging, calendaring and scheduling capabilities with a platform for collaborative applications. iNotes is the part of Notes that provides web-based messaging. Lotus Notes versions 5.0.x and 6.0 contain multiple buffer overflows that can allow an attacker to execute arbitrary code or create a denial of service (DoS) condition.
The first buffer overflow exists in the PresetFields parameter in iNotes. iNotes fails to properly parse requests to web-based mail services. An attacker can create a long request in the Options field and overflow the buffer. A skilled attacker may be able to insert code to execute in the security context of the host system.
A second overflow can occur when certain malformed URLs are submitted. There is little information available to describe the details of this vulnerability, but it has been assigned a unique Tech Note number by IBM.
Exploiting the third buffer overflow vulnerability, an attacker can supply a long request to overflow the buffer in the Lotus Domino Session ActiveX control. An attacker can insert code to execute in the security context of the system. This vulnerability affects only Notes 6.0.
The fourth vulnerability occurs when an incomplete POST request is sent to the server. The server becomes confused and is unable to process the request and denies service to users. An administrator is required to reboot the server to restore functionality.
The last vulnerability can be executed by initiating a false value field POST request. The request causes the server to become unresponsive to users. Rebooting the server restores Domino to normal operation.
Exploits for the POST vulnerabilities have been made publicly available.
Updated versions are available.