Dec 19, 2018 9:00 am EST
Categorized: High Severity
IBM Notes and Domino (on Windows only) contain a privilege escalation vulnerability. An attacker who crafts a command line and sends it via the shared memory IPC can trick the Notes System Diagnostic (NSD) service into executing a malicious DLL chosen by the attacker. IBM addresses this vulnerability in the fix below.
CVE(s): CVE-2018-1771
Affected product(s) and affected version(s):
IBM Domino 9.0.1 through 9.0.1 FP10 IF4
IBM Domino 9.0 through 9.0 IF4
IBM Notes 9.0.1 through 9.0.1 FP10 IF5
IBM Notes 9.0 through 9.0 IF4
Please note that IBM Notes and Domino 10 no longer permit running NSD as a service, so they are not vulnerable to this attack.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10743405
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148687
from IBM Product Security Incident Response Team https://ift.tt/2Etwi2a