Re: Lotus Notes HTTP cgi-bin vulnerability: possible workaround

From: Jens Frank (Jens_Frankat_private)
Date: Thu Dec 23 1999 - 00:14:55 PST

Next message: Steven Alexander: "Warning to Bugtraq posters."

Previous message: Ussr Labs: "Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5"
Maybe in reply to: Bram Kerkhof: "Lotus Notes HTTP cgi-bin vulnerability: possible workaround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

the described workaround does work for Notes-Servers not using CGI at all.
However, there is still a problem with hiding the cgi's in a different
script directory:

GET /cgi-bin/test HTTP/1.0

HTTP/1.1 200 Found
Server: Lotus-Domino/Release-4.6.2a
Date: Thu, 23 Dec 1999 07:58:37 GMT
Content-Base: http://192.168.64.8/CeGeIh/test
Content-Type: text/html
Content-Length: 1841

Notes sends the ,,real'' script directory in the Content-Base-Field of the
header. Using this information, the machine can still be crashed. (tested
successfully)

This is tested with 4.6.2a only since I don't have any other versions.

     Gruesse,

          jens

- -
Jens Frank, Unix Systems
Deutsche Boerse AG
Fon +49 69 2101 5099
Fax +49 69 2101 3831

Next message: Steven Alexander: "Warning to Bugtraq posters."
Previous message: Ussr Labs: "Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5"
Maybe in reply to: Bram Kerkhof: "Lotus Notes HTTP cgi-bin vulnerability: possible workaround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:11 PDT