Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: KPMG-2002006: Lotus Domino Physical Path Revealed
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Sun, 03 Mar 2002 13:01:01 +0100
02/04/2002 16:18:06, Peter Gründl <pgrundl () kpmg dk> wrote :


Problem:
========
Due to problems handling Windows DOS devices, the Domino Server
can be brought to show the physical location of the web root.



Corrective action:
==================
Upgrade to Lotus Domino V5.0.10, which can be downloaded here:
http://www.notes.net/qmrdown.nsf


This upgrade solves the "banner disclosure" issue too, which was 
presented to Bugtraq readers in my post regarding "physical path 
disclosure" [1].

Apparently, the banner string was hard-coded in the "htcgibin.exe" 
module ...

Thanks to Peter Gründl <pgrundl () kpmg dk> for testing the lastest 
Domino release for this bug.

[1] : http://online.securityfocus.com/archive/1/254768


Nicolas Gregoire
Exaprobe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]