Telecom and Logistics Associates 

new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  publication: Christian ALT 
  Save Time and Money

TLAnews: Security NEWs Service 

 1.8.2000 SecurityNotes new vulnerability claimed by two security consultants
Representatives of two security firms claim that flaws in Lotus Notes allow a skilled intruder to open the e-mail boxes or databases of virtually any Lotus Notes user, send e-mail under that user's name, and authorize others to access those mailboxes or databases.

French Notes aurait une nouvelle vulnerabilité selon deux consultants en sécurité
Les représentants de deux entreprises de sécurité disent que des vulnérabilités dans Lotus Notes permettent à un intru doué d'ouvrir la boîte à lettres ou les base de données de potentiellement n'importe quel utilisateur Notes, d'envoyer des messages sous ce nom, et d'autoriser aux autres un accès à ces boîtes ou base de données.

Home
Consulting
Tech Doc
FW-1 FAQ
Training
Products
TLAnews
Archive
Advertising
 

TLAnews.com
Information for security concerned people

 
Register to TLAnews letter
 
English version
The security consultants also contend that another flaw, tied to the Domino server, allows outside users to circumvent protections against viruses and other malicious code.

Lotus says that such attacks require very specific conditions and that remedies are already available to Notes administrators using newer versions of Domino server. Notes runs on the Domino server.

Some 60 million end-users, primarily corporate customers, run Notes, according to Lotus.

The security product management team for Domino, however, says system administrators can thwart such attacks with tools offered in recent versions of the product.
Résumé en français

Ces vulnérabilités doivent encore être publiées pour que la communauté de la sécurité en prenne connaissance et puisse reproduire la situation. ce n'est qu'ensuite que nous pourrons dépterminer la gravité de ces trous.

Lotus, qui est au courant de ces faiblesses dit que les conditions sont très spécifiques et qu'ils disposent déjà de contre-mesures.

Lotus recommande l'utilisation de Domino version 5.02, bien que des moyens de protection se trouvent déjà dans la version 4.6

 

Lotus recommends customers use Domino version 5.02, the newest release, for the greatest protection--but Version 4.6 also contains safeguards.

Related information

Lotus Notes server release 5 vulnerable to an easy attack 


more security information with TLAnews ...

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: août 30, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.