| VID |
22149 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Lotus Domino web server, according to its version number, is vulnerable to a buffer overflow attack.
When logging to DOMLOG.NSF is enabled on the server, a remote user can send a long HTTP Authenticate header containing certain non-ASCII characters to cause the web server to crash. It is possible for remote attackers to corrupt sensitive regions of memory which attacker-supplied values, possibly resulting in execution of arbitrary code with the privileges of the Lotus Domino web server.
* Note: This check solely relied on the banner of the remote web server to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
Lotus Domino 5.0.9 and earlier |
| Recommendation |
Upgrade to Lotus Domino 5.0.10 or later, available from http://www.notes.net/qmrdown.nsf
As a temporary workaround, it has been suggested that users can log to a textfile instead of to the 'DOMLOG.NSF' database. |
| Related URL |
CVE-2002-2025 (CVE) |
| Related URL |
2575,4019,4020 (SecurityFocus) |
| Related URL |
6348 (ISS) |
|
