mailing list archives
Re: bugtraq id 2173 Lotus Domino Server
From: Hendrik-Jan Verheij <h.j.verheij () POPIN NL>
Date: Tue, 9 Jan 2001 21:21:32 +0100
Thanks to Ninke Westra for testing this...
The same problem as in my previous post exists in this case.
If you append a phoney directory to the URL passed on to the webserver the exploit will still work; however, you have to back out an extra time.
This makes the URL redirection solution less obvious to guess, but it still leaves you vulnerable.
Hendrik-Jan Verheij http://redheat.org
Hostmaster Popin Internet +3174 2555770
h.j.verheij () popin nl http://www.popin.nl
Assimilation is irrelevant, You are futile!
----- Original Message -----
From: Alan Bell
To: BUGTRAQ () SECURITYFOCUS COM
Sent: Tuesday, January 09, 2001 12:02 PM
Subject: bugtraq id 2173 Lotus Domino Server
Further information on this issue:
1) This issue has been reproduced on several versions of Domino prior to 5.0.5
2) My testing has failed to reproduce this issue on Linux and OS/400 (AS/400)
3) To secure your boxes create 3 file protection documents for each server granting no access to the following paths.
The other common Domino extensions .ns3 and .ntf do not appear to be vulnerable. This is not a Lotus supported solution (as yet) so there may be additional similar paths with this behaviour. You should watch http://www.notes.net for an upgrade which will probably appear as 5.0.6a.
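
The reply's point, that a rule keyed on one literal URL stops matching once a phoney directory is prepended and one more back-out is added, shown as an added Python example that is not part of either post. The function names, the placeholder prefix `/hidden.ext/../` and the sample paths are constructed for illustration and are not the paths from the advisory; the check decodes and resolves dot-segments before deciding, so the depth of the prefix no longer matters.

```python
from urllib.parse import unquote

def escapes_root(raw_path: str, max_decode: int = 3) -> bool:
    """Return True if dot-segments in the request path climb above the web root."""
    path = raw_path.split("?", 1)[0]
    # Decode repeatedly so %2e%2e and double-encoded forms are seen as "..".
    for _ in range(max_decode):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")  # treat both separators alike
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # backed out past the root, however deep the prefix was
                return True
        else:
            depth += 1
    return False

def literal_rule_matches(raw_path: str, blocked_prefix: str) -> bool:
    """Hypothetical stand-in for a redirection rule keyed on one literal URL prefix."""
    return raw_path.lower().startswith(blocked_prefix.lower())

# Constructed values: "/hidden.ext/../" is a placeholder, not a path from the advisory.
BLOCKED_PREFIX = "/hidden.ext/../"
SAMPLES = [
    "/hidden.ext/../../secret.txt",           # the form the literal rule anticipates
    "/bogus/hidden.ext/../../../secret.txt",  # phoney directory, one extra back-out
    "/bogus/%2e%2e/%2e%2e/secret.txt",        # same idea, percent-encoded
    "/docs/../index.html",                    # stays inside the root: legitimate
]

def compare(paths=SAMPLES, prefix=BLOCKED_PREFIX):
    """Return (path, literal rule hit, normalised check hit) for each path."""
    return [(p, literal_rule_matches(p, prefix), escapes_root(p)) for p in paths]

if __name__ == "__main__":
    for path, literal_hit, escaped in compare():
        print(f"{path:42} literal_rule={literal_hit!s:5} escapes_root={escaped}")
```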