Domino Advisories UPDATE

• Previous message: NGSSoftware Insight Security Research: "Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Mark Litchfield" <mark@ngssoftware.com>
To: <bugtraq@securityfocus.com>
Date: Mon, 17 Feb 2003 17:03:06 -0800

Hi All,

Please note the following correction -

The Notes Client Up-Date can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dtn/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dtae971e3a1a70b9c98a98d1d196 <br> <p>&nbThanks to Dave Ahmad for pointing out my error. Much appreciated.
go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r

The Domino Web Server Update can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dtae971e3a1a70b9c98a98d1d196 <br> <p>&nbThanks to Dave Ahmad for pointing out my error. Much appreciated.
go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r

Thanks to Dave Ahmad for pointing out my error. Much appreciated.

Best Regards

Mark Litchfield

----- Original Message -----
From: "Dave Ahmad" <da@securityfocus.com>
To: <mark@ngssoftware.com>; "NGSSoftware Insight Security Research"
<nisr@nextgenss.com>
Sent: Monday, February 17, 2003 9:07 AM
Subject: Re: Lotus Domino Web Server Host/Location Buffer Overflow
Vulnerability (#NISR17022003a)

> Hi Mark,
>
> I have a question for you. This is a Domino server vulnerability, however
> the patch page appears to list only updates for the Notes client. Is this
> the correct location or was it a mistake in the advisory? Do you know
> where Domino Server patches are, or if there are any?
>
> Thank you.
>
> Regards,
>
> David Mirza Ahmad
> Symantec
>
> 0x26005712
> 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
>
> On Mon, 17 Feb 2003, NGSSoftware Insight Security Research wrote:
>
> > NGSSoftware Insight Security Research Advisory
> >
> > Name: Lotus Domino Web Server Host/Location Buffer Overflow
Vulnerability
> > Systems Affected: Release 6.0
> > Severity: Critical Risk
> > Category: Remote System Buffer Overrun
> > Vendor URL: http://www.lotus.com
> > Author: Mark Litchfield (mark@ngssoftware.com)
> > Date: 17th February 2003
> > Advisory number: #NISR17022003a
> >
> >
> > Description
> > ***********
> > Lotus Domino and Notes together provide a featured enterprise
collaboration
> > system with Domino providing application server services.
> >
> > Details
> > *******
> > Lotus Domino 6 suffers from a remotley exploitable buffer overrun
> > vulnerability when performing a redirect operation. When building the
302
> > Redirect response, the server takes the client provided "Host" header
and
> > implants this value into the "Location" server header. By requesting
certain
> > documents or views in certain databases the server can be forced to
perform
> > a redirect operation and by supplying an overly long string for the
> > hostname, a buffer can be overflowed allowing an attacker to gain
control of
> > the Domino Web Services process. By default these databases can be
accessed
> > by anonymous users. Any arbitray code supplied will run in the context
of
> > the account running Domino allowing an attacker to gain control of the
> > server.
> >
> > Fix Information
> > ***************
> > IBM Lotus Notes and Domino Release 6.0.1 is now available and being
marketed
> > as the first maintenance release. IBM say if customers haven't already
> > upgraded or migrated to Notes and Domino 6, now is the time to move and
> > start reaping the benefits of this existing and highly praised release.
> > Release 6.0.1 includes fixes to enhance the quality and reliability of
the
> > Notes and Domino 6 products. It does not however mention any security
> > issues, and NGS would strongly advise to upgrade as soon as possible not
to
> > just tp "reap the benefits" but to secure the server and data against
> > possible attacks.
> >
> > The upgrade / patch can be obtained from
> >
> >
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt
> > go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r
> >
> > A check for this issue has been added to DominoScan R2, a comprehensive
> > automated intelligent assessment tool for Lotus Domino Servers of which
more
> > information is available from the NGSSite
> >
> > http://www.ngssoftware.com/software/dominoscan.html
> >
> > Further Information
> > *******************
> > For further information about the scope and effects of buffer overflows,
> > please see
> >
> > http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
> > http://www.ngssoftware.com/papers/ntbufferoverflow.html
> > http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
> > http://www.ngssoftware.com/papers/unicodebo.pdf
> >
> > About NGSSoftware
> > *****************
> > NGSSoftware design, research and develop intelligent, advanced
application
> > security assessment scanners. Based in the United Kingdom, NGSSoftware
have
> > offices in the South of London and the East Coast of Scotland.
NGSSoftware's
> > sister company NGSConsulting, offers best of breed security consulting
> > services, specialising in application, host and network security
> > assessments.
> >
> > http://www.ngssoftware.com/
> > http://www.ngsconsulting.com/
> >
> > Telephone +44 208 401 0070
> > Fax +44 208 401 0076
> >
> > enquiries@ngssoftware.com
> >
> >
>
>

• Next message: NGSSoftware Insight Security Research: "Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)"
• Previous message: NGSSoftware Insight Security Research: "Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]