TUCoPS :: Web :: Servers :: al200010.txt

Lotus Notes/Domino Security Vulnerabilities AusCERT Alert 2000.10 DefCon 8.0 

-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T
                                      
                        AL-2000.10  --  AUSCERT ALERT
               DefCon 8.0 Lotus Notes Security Vulnerabilities
                                2 August 2000

===========================================================================

PROBLEM:  

	At the recent DefCon 8.0 security convention there was a
	presentation which discussed a variety of security vulnerabilities
	in Lotus Notes and Domino.  These vulnerabilities included system
	configuration problems and new exploits.

PRODUCT: 
          
	Lotus Notes and Domino.

RECOMMENDATIONS: 

	Lotus have provided the following comments regarding the DefCon 8.0
	presentation:

http://www.lotus.com/developers/itcentral.nsf/wdocs/C52C07308269989B8525692D008322BD

	AusCERT encourages all Lotus Notes and Domino users to review the
	above document and take steps in line with their security policy
	and procedures.  In addition, it is recommended administrators
	review additional security guidelines available from:

	    http://www.lotus.com/security

	More information on these issues is available from the presenters'
	site:

	    http://www.trust-factory.com

- ---------------------------------------------------------------------------
For more information contact Lotus.
- ---------------------------------------------------------------------------

[AusCERT issues an alert when the risk posed by a vulnerability that may
not have been thoroughly investigated and for which a work-around or fix
may not yet have been developed requires notification.]

The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation.  The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures.  AusCERT takes no
responsibility for the consequences of applying the contents of this
document.

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/.  This archive contains past SERT
and AusCERT Advisories, and other computer security information.

AusCERT maintains a World Wide Web service which is found on:
http://www.auscert.org.au/.

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
		hours which are GMT+10:00 (AEST).  On call
		after hours for emergencies.
						       
Postal:
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld  4072
AUSTRALIA
===========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOZgIZyh9+71yA2DNAQG4XwQAjSwVmU5ykkcyeK9SS02+l5QDNL6FojCH
rl72TNI+3ePW+hRkWrCT/b6J2mbynp3g7CgtmrkjTz++5rfPVPqrP/yx2zOESRfj
uPh0WTWyS/VAQJi1E9JK5NxTE54GQqat4ca3qEDcs02mYJtn3PX+XYvA0XR4GB78
NnJ+eh+aYuo=
=Bn/g
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH