VID 22198
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Web Retriever program for the Lotus Domino server has a buffer overflow vulnerability via a long HTTP status message. This vulnerability may be used to cause a denial of service. The Lotus Notes/Domino Web Retriever is a program that returns web pages for Notes users. The Web Retriever program will crash when it receives an overly long HTTP status message from a remote web server. If the Web Retriever is running as a server task, the crash will cause a denial of service on the server. If the Web Retriever is running locally on a client, the crash will bring down the Notes client with it.

* Note: This check relies solely on the version number reported by the remote Web server to assess this vulnerability, so the result may be a false positive.

* References:
http://www.cert.org/advisories/CA-2003-11.html
http://www.rapid7.com/advisories/R7-0011.html
http://www.kb.cert.org/vuls/id/411489

* Platforms Affected:
Lotus Notes/Domino R4.5 server and client
Lotus Notes/Domino R4.6 server and client
Lotus Notes/Domino R5 server and client
Lotus Notes/Domino R6 beta (pre-Gold) server and client
Recommendation Upgrade to Notes R5.0.12 for R5 releases, or to R6.0 Gold or higher for R6 pre-Gold releases. Due to other vulnerabilities discovered in R6.0 Gold, you should consider upgrading to R6.0.1, which was released in February 2003.

As a workaround, disable the Web Retriever task on the server.
1. Remove the 'Web' entry from the ServerTasks line in the server's NOTES.INI file
2. Issue the 'tell web quit' command at the server console.

In addition, consider removing the Web Retrieval database (typically /WEB.NSF) or locking down its ACL so that no users can access it. If the Web Retriever is disabled, users probably do not need access to this database.

Notes clients will be vulnerable to this if they are configured to use the Notes web browser instead of an external browser program.
Related URL CVE-2003-0123 (CVE)
Related URL 7038 (SecurityFocus)
Related URL (ISS)