Home page logo
/

bugtraq logo Bugtraq mailing list archives

bugtraq id 2173 Lotus Domino Server
From: Alan Bell <ABell () INTEC CO UK>
Date: Tue, 9 Jan 2001 11:02:32 +0000

Further information on this issue:

1) This issue has been reproduced on several versions of domino prior to
5.0.5
2) My testing has failed to reproduce this issue on Linux and OS/400
(AS/400)
3) To secure your boxes create 3 file protection documents for each server
granting no access to the following paths.

/.nsf/../
/.box/../
/.ns4/../

the other common domino extensions .ns3 and .ntf do not appear to be
vulnerable. This is not a Lotus supported solution (as yet) so there may
be additional similar paths with this behaviour. You should watch
http://www.notes.net for an upgrade which will probably appear as 5.0.6a.

Alan.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]