Lotus Notes Installation Default Permission Weakness

2006-10-18T12:48:45
ID OSVDB:29761
Type osvdb
Reporter Carsten Eiram
Modified 2006-10-18T12:48:45

Description

Vulnerability Description

Lotus Notes contains a flaw that may allow a malicious user to manipulate the application's files. The issue is caused by default installation permissions that grant the "Everyone" group "Full Control" on the 'notes' directory and all child objects. The flaw may allow arbitrary file manipulation, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
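To confirm whether an installation still carries the permission described above, the ACLs on the 'notes' directory and its child objects can be audited. The following PowerShell script is an added example, not part of the original advisory or any vendor tooling; the default path and the function name Test-EveryoneFullControl are assumptions, so pass the real install location with -NotesDir.

```powershell
# Added audit example. The default path below is an assumption; pass the real
# Lotus Notes install directory with -NotesDir.
param(
    [string]$NotesDir = 'C:\Program Files\lotus\notes'
)

$EveryoneSid = 'S-1-1-0'      # well-known SID for "Everyone" (locale independent)
$FullControl = 0x1F01FF       # FileSystemRights.FullControl
$GenericAll  = 0x10000000     # GENERIC_ALL, seen on some inherit-only ACEs

# Hypothetical helper: $true if an Allow ACE grants Everyone full control on $Path.
function Test-EveryoneFullControl {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $Path"
        return $false
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $EveryoneSid) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$rule.FileSystemRights
        if ((($rights -band $FullControl) -eq $FullControl) -or
            (($rights -band $GenericAll) -ne 0)) {
            return $true
        }
    }
    return $false
}

if (-not (Test-Path -LiteralPath $NotesDir)) {
    Write-Error "Directory not found: $NotesDir"
    exit 2
}

# Check the directory itself and every child object beneath it.
$targets  = @(Get-Item -LiteralPath $NotesDir -Force)
$targets += @(Get-ChildItem -LiteralPath $NotesDir -Recurse -Force -ErrorAction SilentlyContinue)
$findings = @($targets | Where-Object { Test-EveryoneFullControl $_.FullName })

$findings | ForEach-Object { "Everyone has Full Control: $($_.FullName)" }
"{0} of {1} objects affected" -f $findings.Count, $targets.Count
if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```

The script exits with 1 when any object is affected, 0 when none are, and 2 when the directory is missing, so it can be run across hosts from an inventory job after the upgrade.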


References:

Vendor URL: http://www.lotus.com/products/product4.nsf/wdocs/noteshomepage
Vendor Specific Advisory URL
Secunia Advisory ID: 19537
Other Advisory URL: http://secunia.com/secunia_research/2005-29/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0375.html
CVE-2005-2454