SECURITYVULNS:DOC:4093
Feb 18, 2003 - 12:00 a.m.

Domino Advisories UPDATE


Hi All,

Please note the following correction -

The Notes Client Up-Date can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r

The Domino Web Server Update can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r

Thanks to Dave Ahmad for pointing out my error. Much appreciated.

Best Regards

Mark Litchfield

----- Original Message -----
From: "Dave Ahmad" <[email protected]>
To: <[email protected]>; "NGSSoftware Insight Security Research" <[email protected]>
Sent: Monday, February 17, 2003 9:07 AM
Subject: Re: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)

> Hi Mark,
>
> I have a question for you. This is a Domino server vulnerability, however
> the patch page appears to list only updates for the Notes client. Is this
> the correct location or was it a mistake in the advisory? Do you know
> where Domino Server patches are, or if there are any?
>
> Thank you.
>
> Regards,
>
> David Mirza Ahmad
> Symantec
>
> 0x26005712
> 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
>
> On Mon, 17 Feb 2003, NGSSoftware Insight Security Research wrote:
>
> > NGSSoftware Insight Security Research Advisory
> >
> > Name: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability
> > Systems Affected: Release 6.0
> > Severity: Critical Risk
> > Category: Remote System Buffer Overrun
> > Vendor URL: http://www.lotus.com
> > Author: Mark Litchfield ([email protected])
> > Date: 17th February 2003
> > Advisory number: #NISR17022003a
> >
> >
> > Description
> > ***********
> > Lotus Domino and Notes together provide a featured enterprise
> > collaboration system with Domino providing application server services.
> >
> > Details
> > *******
> > Lotus Domino 6 suffers from a remotely exploitable buffer overrun
> > vulnerability when performing a redirect operation. When building the
> > 302 Redirect response, the server takes the client provided "Host"
> > header and implants this value into the "Location" server header. By
> > requesting certain documents or views in certain databases the server
> > can be forced to perform a redirect operation and by supplying an overly
> > long string for the hostname, a buffer can be overflowed allowing an
> > attacker to gain control of the Domino Web Services process. By default
> > these databases can be accessed by anonymous users. Any arbitrary code
> > supplied will run in the context of the account running Domino allowing
> > an attacker to gain control of the server.
> >
> > Fix Information
> > ***************
> > IBM Lotus Notes and Domino Release 6.0.1 is now available and being
> > marketed as the first maintenance release. IBM say if customers haven't
> > already upgraded or migrated to Notes and Domino 6, now is the time to
> > move and start reaping the benefits of this existing and highly praised
> > release. Release 6.0.1 includes fixes to enhance the quality and
> > reliability of the Notes and Domino 6 products. It does not however
> > mention any security issues, and NGS would strongly advise to upgrade as
> > soon as possible not just to "reap the benefits" but to secure the
> > server and data against possible attacks.
> >
> > The upgrade / patch can be obtained from
> >
> >
> > http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r
> >
> > A check for this issue has been added to DominoScan R2, a comprehensive
> > automated intelligent assessment tool for Lotus Domino Servers of which
> > more information is available from the NGSSite
> >
> > http://www.ngssoftware.com/software/dominoscan.html
> >
> > Further Information
> > *******************
> > For further information about the scope and effects of buffer overflows,
> > please see
> >
> > http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
> > http://www.ngssoftware.com/papers/ntbufferoverflow.html
> > http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
> > http://www.ngssoftware.com/papers/unicodebo.pdf
> >
> > About NGSSoftware
> > *****************
> > NGSSoftware design, research and develop intelligent, advanced
> > application security assessment scanners. Based in the United Kingdom,
> > NGSSoftware have offices in the South of London and the East Coast of
> > Scotland. NGSSoftware's sister company NGSConsulting, offers best of
> > breed security consulting services, specialising in application, host
> > and network security assessments.
> >
> > http://www.ngssoftware.com/
> > http://www.ngsconsulting.com/
> >
> > Telephone +44 208 401 0070
> > Fax +44 208 401 0076
> >
> > [email protected]
> >
> >
>
>
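
The Details section of the quoted advisory describes a client-supplied "Host" value being copied into the "Location" header of a 302 response. The C sketch below is an added illustration of a bounded way to build that header; it is not code from the advisory, NGSSoftware or IBM, and the names `build_location`, `host_is_valid` and `MAX_HOST_LEN`, the 255-byte limit and the `http://` scheme are all assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN 255  /* assumed cap: a DNS name plus room for ":port" */

/* Returns 1 if host is non-empty, at most MAX_HOST_LEN bytes, and made only
 * of characters that can appear in a hostname, IPv6 literal or port. */
static int host_is_valid(const char *host)
{
    size_t i;
    for (i = 0; host[i] != '\0'; i++) {
        unsigned char c = (unsigned char)host[i];
        if (i >= MAX_HOST_LEN)
            return 0;                      /* overly long hostname */
        if (!isalnum(c) && c != '.' && c != '-' && c != ':' &&
            c != '[' && c != ']')
            return 0;                      /* also rejects CR/LF and spaces */
    }
    return i > 0;
}

/* Writes "Location: http://<host><path>\r\n" into out (out_len bytes).
 * Returns the header length, or -1 if the input is rejected or does not
 * fit; on failure out holds an empty string and the caller should answer
 * with an error instead of a redirect. path is assumed to be chosen by the
 * server, not taken from the request. */
int build_location(char *out, size_t out_len, const char *host,
                   const char *path)
{
    int n;
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (host == NULL || path == NULL || path[0] != '/' || !host_is_valid(host))
        return -1;
    /* snprintf writes at most out_len bytes and returns the length it
     * needed, so a value that would not fit is detected, not truncated. */
    n = snprintf(out, out_len, "Location: http://%s%s\r\n", host, path);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return n;
}
```
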