The US Cert posted this vulnerability for Lotus Notes on Friday.
“Overview
IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data.
I. Description
IBM Lotus Notes installs numerous program files and program data in a special directory known as the Notes directory. According to IBM Technote #21246773:
By default, beginning with Notes 6.5.4 and affecting 6.5.5, 7.0 and 7.0.1, “Full Control” access (read/write/execute) to the Notes program and data directory is granted to the Windows group “Everyone”.
II. Impact
A local attacker may be able to gain unintended access to Lotus Notes program data.
III. Solution
Upgrade to unaffected versions of Lotus Notes
Lotus Notes versions 6.5.6 and 7.0.2 are reportedly not affected by this issue.”
[tags]Lotus Notes, IBM, US Cert, Vulnerability[/tags]
