[NEWS] Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability
From: support@securiteam.com
Date: 02/17/03
From: support@securiteam.com To: list@securiteam.com Date: 17 Feb 2003 22:24:23 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Lotus Domino and Notes together provide a featured enterprise
collaboration system with Domino providing application server services. A
buffer overflow in the server allows a remote attacker to cause it to
execute arbitrary code.
DETAILS
Vulnerable systems:
* Lotus Domino version 6.0
Immune systems:
* Lotus Domino version 6.0.1
Lotus Domino 6 suffers from a remotely exploitable buffer overrun
vulnerability when performing a redirect operation. When building the 302
Redirect response, the server takes the client-provided "Host" header and
places this value into the "Location" response header. By requesting
certain documents or views in certain databases, an attacker can force the
server to perform a redirect operation, and by supplying an overly long
string for the hostname, can overflow a buffer and gain control of the
Domino Web Services process. By default, these databases can be accessed
by anonymous users. Any arbitrary code supplied will run in the context of
the account running Domino, allowing an attacker to gain control of the
server.
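The flaw class described above is a client-controlled "Host" value copied into a "Location" header without a length check. The following C code is an added illustration of a bounded, validated way to build that header; it is not Domino's code and not part of the advisory, and the names build_location, host_is_valid and MAX_HOST_LEN are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN 253  /* longest valid DNS name; the port is checked separately */

/* Accept only "name" or "name:port" (IPv6 literals are not handled here). */
static int host_is_valid(const char *host)
{
    size_t name_len = strcspn(host, ":");
    if (name_len == 0 || name_len > MAX_HOST_LEN)
        return 0;
    for (size_t i = 0; i < name_len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;               /* also rejects CR/LF and other control bytes */
    }
    if (host[name_len] == ':') {
        const char *port = host + name_len + 1;
        size_t port_len = strlen(port);
        if (port_len == 0 || port_len > 5)
            return 0;
        for (size_t i = 0; i < port_len; i++)
            if (!isdigit((unsigned char)port[i]))
                return 0;
    }
    return 1;
}

/* Write "Location: http://<host><path>\r\n" into out (path is assumed to be
 * server-generated). Returns 0 on success, -1 if rejected or it does not fit. */
int build_location(const char *host, const char *path, char *out, size_t out_len)
{
    if (!host || !path || !out || out_len == 0 || !host_is_valid(host))
        return -1;
    int n = snprintf(out, out_len, "Location: http://%s%s\r\n", host, path);
    if (n < 0 || (size_t)n >= out_len) {  /* truncation is a failure, not a result */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[64];  /* constructed sample input below */
    if (build_location("www.example.com", "/app/view", buf, sizeof buf) == 0)
        fputs(buf, stdout);
    return 0;
}
```

A request whose Host value fails these checks would be answered with an error rather than a redirect.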
Fix Information:
IBM Lotus Notes and Domino Release 6.0.1 is now available and being
marketed as the first maintenance release. IBM say if customers haven't
already upgraded or migrated to Notes and Domino 6, now is the time to
move and start reaping the benefits of this existing and highly praised
release. Release 6.0.1 includes fixes to enhance the quality and
reliability of the Notes and Domino 6 products. It does not, however,
mention any security issues, and NGS would strongly advise upgrading as
soon as possible, not just to "reap the benefits" but to secure the
server and data against possible attacks.
The upgrade / patch can be obtained from
<http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r>
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@nextgenss.com>
NGSSoftware Insight Security Research.