[ISN] Flaws discovered in Lotus software

From: InfoSec News (isnat_private)
Date: Thu Feb 20 2003 - 00:28:18 PST


    Forwarded from: William Knowles <wkat_private>
    
    http://www.nwfusion.com/news/2003/0219lotus.html
    
    By Paul Roberts
    IDG News Service
    02/19/03
    
    Three software security flaws could allow attackers to run malicious
    code on machines running IBM's Lotus Domino or iNotes software.
    
    The flaws were disclosed on Monday in three advisories published by
    Next Generation Security Software Ltd. (NGSS), a software security
    consulting company in Sutton, England.
    
    Using a vulnerability in the Lotus iNotes messaging software, a remote
    attacker could gain control of a Domino server by providing an overly
    long value in a request for Web-based mail services.
    
    The long value would create a buffer overrun on the server, allowing
    attackers to execute their own software code using the privileged
    account that runs the Domino Web Services, according to NGSS, which
    rated the vulnerability a "Critical Risk."
    
    A buffer overrun occurs when too much data is sent to a buffer in a
    computer's memory. When the buffer overflows, critical information
    that controls a program's execution is overwritten, allowing attackers
    to fill the buffer with their own code and causing the program to
    start executing the code.
    
    A second vulnerability, also rated "Critical Risk," affects the Lotus
    Domino 6 application server software. Using the vulnerability, an
    attacker could create a buffer overrun by supplying false and
    excessively long host names in a request for a document or view that
    is stored in a Lotus database.
    
    After triggering the overrun, attackers could execute their own code
    under the account running the Domino Web Service process, gaining
    control of the Domino server.
    
    A third vulnerability, found in an ActiveX client control used by the
    iNotes software, allows an attacker to execute malicious code on a
    remote machine that is attempting to use iNotes Web-based messaging
    features.
    
    An attacker could use an e-mail or a Web page to send a value that is
    too long to the ActiveX control, creating a buffer overrun on the
    target machine that allows the attacker to execute code using the
    privileges of the current user.
    
    NGSS rated the ActiveX vulnerability "Medium Risk."
    
    The three vulnerabilities, which were found in Release 6.0 of Lotus
    Notes and Domino, have been patched by IBM in the 6.0.1 maintenance
    release.
    
    Although it did not mention the NGSS vulnerabilities, information
    posted on IBM's Web page said that the 6.0.1 release "includes fixes
    to enhance the quality and reliability of the Notes and Domino 6
    products," and recommended that customers who haven't already done so
    upgrade to version 6.0.1.
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
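The article describes overruns caused by over-long values, including host names, supplied in a Web request. The following C sketch is an added example, not part of the original message and not Domino code: it bounds the copy of a host name before storing it in a fixed-size buffer. It assumes the host name arrives in an HTTP Host header; the function name `extract_host`, the status codes and the accepted character set are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

enum { HOST_OK = 0, HOST_MISSING = -1, HOST_TOO_LONG = -2, HOST_BAD_CHAR = -3 };

/* The overrun pattern the article describes is an unbounded copy such as
 *     char host[256]; strcpy(host, value_from_request);
 * The version below checks the length against the destination first and
 * rejects the request instead of truncating or overflowing. */
int extract_host(const char *req, char *out, size_t out_size)
{
    const char *p = req;

    if (out_size == 0)
        return HOST_TOO_LONG;
    out[0] = '\0';

    /* Visit the start of each header line after the request line. */
    while ((p = strstr(p, "\r\n")) != NULL) {
        p += 2;
        if (p[0] == '\r' && p[1] == '\n')
            break;                      /* blank line: headers are over */
        if (strncasecmp(p, "Host:", 5) != 0)
            continue;
        p += 5;
        while (*p == ' ' || *p == '\t')
            p++;
        size_t n = strcspn(p, "\r\n");  /* value length, attacker controlled */
        if (n == 0)
            return HOST_MISSING;
        if (n >= out_size)              /* need room for the terminating NUL */
            return HOST_TOO_LONG;
        for (size_t i = 0; i < n; i++) {
            unsigned char c = (unsigned char)p[i];
            if (!isalnum(c) && c != '.' && c != '-' && c != ':')
                return HOST_BAD_CHAR;
        }
        memcpy(out, p, n);
        out[n] = '\0';
        return HOST_OK;
    }
    return HOST_MISSING;
}
```

A caller would answer any non-zero status with an HTTP 400 and log the rejected length, which also gives operators a signal that someone is probing with oversized values.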
    


