VID 22217
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The iNotes component of the Lotus Domino server is vulnerable to a buffer overflow via the s_ViewName/Foldername options.
The iNotes component provides web-based messaging facilities for the Lotus Domino server. Lotus Domino version 6.0 is vulnerable to a buffer overflow caused by improper handling of user-supplied request parameters.
Users can send a URL request with the s_ViewName/Foldername options of the PresetFields parameter, as follows:

http://[servername]/mail/[username].nsf/($Inbox)/9D9203D5E95B721E42256B8500346B15/?OpenDocument&PresetFields=s_ViewName;%28%24Inbox%29,s_FromMail;1

If a remote attacker provides an overly long value for the s_ViewName/Foldername options, it could cause a buffer to overflow and arbitrary code to execute on the system with the privileges of the Domino server process.
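
To look for this condition in web server logs, the following added example (not part of the original advisory) parses the PresetFields parameter in the format shown above and flags overly long s_ViewName/Foldername values. The 256-character threshold, the access-log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: illustrative threshold; the advisory does not state a buffer size.
MAX_FIELD_LEN = 256
WATCHED = {"s_viewname", "foldername"}  # option names from the description, lowercased

# Assumption: common/combined access-log layout with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def preset_fields(url):
    """Return {lowercased name: decoded value} from PresetFields=name;value,name;value."""
    fields = {}
    for arg in urlsplit(url).query.split("&"):
        key, sep, raw = arg.partition("=")
        if not sep or key.lower() != "presetfields":
            continue
        # Split on the literal separators first, then percent-decode each part.
        for pair in raw.split(","):
            name, _, value = pair.partition(";")
            fields[unquote(name).strip().lower()] = unquote(value)
    return fields

def suspicious_requests(log_lines, limit=MAX_FIELD_LEN):
    """Return (line number, field name, decoded length) for oversized watched fields."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in preset_fields(match.group(1)).items():
            if name in WATCHED and len(value) > limit:
                hits.append((lineno, name, len(value)))
    return hits

# Constructed sample log lines (documentation addresses, placeholder user name).
BASE = "/mail/alice.nsf/($Inbox)/9D9203D5E95B721E42256B8500346B15/?OpenDocument&PresetFields="
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2003:10:00:00 +0000] "GET ' + BASE
    + 's_ViewName;%28%24Inbox%29,s_FromMail;1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Mar/2003:10:00:05 +0000] "GET ' + BASE
    + 's_ViewName;' + "A" * 600 + ',s_FromMail;1 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Mar/2003:10:00:09 +0000] "GET /homepage.nsf HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for lineno, name, length in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {name} is {length} characters long")
```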

* Note: This check relies solely on the version of the remote Lotus Domino server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
http://www-1.ibm.com/support/docview.wss?rs=472&uid=swg21104542
http://www.kb.cert.org/vuls/id/542873

* Platforms Affected:
Lotus Domino 6.0
Lotus Domino 5.0.11
Lotus Domino 5.0.10
Lotus Domino 5.0.9a
Lotus Domino 5.0.9
Lotus Domino 5.0.8
Recommendation Upgrade to a version that fixes this vulnerability, available from the Lotus Domino download site at http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r

For Lotus Domino 5.0x server, you should upgrade to 5.0.12 or later.
For Lotus Domino 6.0 server, you should upgrade to 6.0.1 or later.
Related URL CVE-2003-0178 (CVE)
Related URL 6871 (SecurityFocus)
Related URL 11336 (ISS)