Category: Application (Web Server/CGI) > IBM Lotus Notes
Vendors: IBM
IBM Lotus Domino Web Server Buffer Overflow During Authentication May Let Remote Users Crash the Web Server
SecurityTracker Alert ID: 1004052
SecurityTracker URL: http://securitytracker.com/id/1004052
CVE Reference: CVE-2002-1624
Updated: Jun 3 2008
Original Entry Date: Apr 16 2002
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 5.0.10
Description:   A buffer overflow vulnerability was reported in IBM's Lotus Domino web server. A remote user may be able to cause the web server to crash.

IBM warned of a buffer overflow that can be triggered by remote users during the authentication process. When logging to DOMLOG.NSF is enabled on the server, a remote user can reportedly send a long HTTP Authenticate header containing certain non-ASCII characters to cause the web server to crash.

Lotus Software credits The Relay Group with reporting this flaw.
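
A check for the request shape described above, as an added example that is not part of the advisory or of any IBM code: it parses a raw HTTP/1.x request and flags authentication headers that are over-long, contain non-ASCII bytes, or both. The 1024-byte limit, the set of header names checked and the sample request are assumptions, since the advisory states no length and names only an "HTTP Authenticate header".

```python
from __future__ import annotations
import re

# Assumption: the advisory gives no length, so this limit is a placeholder to tune.
MAX_AUTH_VALUE_LEN = 1024
# Assumption: "HTTP Authenticate header" is read broadly as Authorization,
# Proxy-Authorization, or any header whose name ends in "Authenticate".
AUTH_NAME = re.compile(rb"(proxy-)?authorization|[\w-]*authenticate", re.I)


def parse_headers(raw: bytes) -> list[tuple[bytes, bytes]]:
    """Return (name, value) pairs from the header section of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs: list[tuple[bytes, bytes]] = []
    for line in head.split(b"\r\n")[1:]:  # element 0 is the request line
        if line[:1] in (b" ", b"\t") and pairs:
            # Obsolete line folding: a continuation still adds to the value length.
            name, value = pairs[-1]
            pairs[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def suspicious_auth_headers(raw: bytes, max_len: int = MAX_AUTH_VALUE_LEN) -> list[dict]:
    """Flag authentication headers that are over-long or carry bytes >= 0x80."""
    findings = []
    for name, value in parse_headers(raw):
        if not AUTH_NAME.fullmatch(name):
            continue
        non_ascii = sum(1 for b in value if b >= 0x80)
        too_long = len(value) > max_len
        if too_long or non_ascii:
            findings.append({
                "header": name.decode("latin-1"),
                "length": len(value),
                "non_ascii_bytes": non_ascii,
                # Both conditions together are the request shape the advisory describes.
                "matches_advisory": too_long and non_ascii > 0,
            })
    return findings


if __name__ == "__main__":
    # Constructed sample request; the credential value is a dummy.
    sample = b"GET / HTTP/1.0\r\nHost: domino.example\r\nAuthorization: Basic caf\xe9\r\n\r\n"
    print(suspicious_auth_headers(sample))
```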

Impact:   A remote user can cause the web server to crash.
Solution:   The vendor has released a fixed version (5.0.10). Contact the vendor to obtain the upgrade.

For earlier releases, a workaround provided by IBM is to log to text files instead.

Vendor URL:  www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=96F6A9D96DFD8BB585256B8A005A8C57
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Tue, 16 Apr 2002 10:57:52 -0400
Subject:  Buffer Overflow Vulnerability during Authentication to Domino Web Server


Buffer Overflow Vulnerability during Authentication to Domino Web Server

Technotes

Number:  191876

Problem 
A potential buffer overflow problem has been identified during
authentication to a Lotus Domino Web Server. When logging to DOMLOG.NSF
is enabled on the server and the Domino Server processes a long HTTP
Authenticate header containing certain non-ASCII characters, the server
may crash.

Solution 
This issue was reported to Lotus Software Quality Engineering as SPR#
JCHN556KHB and resolved in R5.0.10.

For prior releases, a workaround is to log to text files instead.

Supporting Information 


Related Documents 
This issue was reported to Lotus Software by The Relay Group -->
http://www.relaygroup.com

http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=96F6A9D96DFD8BB585256B8A005A8C57

Copyright 2012, SecurityGlobal.net LLC