

IBM Lotus Domino RPC Operation Denial of Service Vulnerability. 8.5.2
John Willemse    


According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specific operation." So this is a relatively low threat. Upgrade to 8.5.3 if you can; if not (because of the server changes in 8.5.3), upgrade to 8.5.2 FP4.

Source:
SecurityFocus
IBM Lotus Domino RPC Operation Denial of Service Vulnerability
Bugtraq ID: 51167
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2011-1393
Remote: Yes
Local: No
Published: Dec 22 2011 12:00AM
Updated: Jan 02 2012 11:20PM
Credit: Xiaopeng Zhang of Fortiguard Labs
Vulnerable:
IBM Lotus Domino 8.5.2
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2 Fix Pack 5
IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.5.2 FP3
IBM Lotus Domino 8.5.2 FP2
IBM Lotus Domino 8.5.0.1
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2.4
IBM Lotus Domino 8.0.2.3
IBM Lotus Domino 8.0.2.2
IBM Lotus Domino 8.0.2.1
IBM Lotus Domino 8.0
Not Vulnerable:
IBM Lotus Domino 8.5.3
IBM Lotus Domino 8.5.2 FP4


IBM Lotus Domino is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
An attacker can use readily available network utilities.

Solution:

The vendor released an update. Please see the references for details.


---------------------
http://www.badkey.com/db/blogsphere.nsf/d6plinks/JWIE-8QXSBF
Jan 28, 2012