Hi All,

Please note the following correction -

The Notes Client Update can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r

The Domino Web Server Update can be found at
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r

Thanks to Dave Ahmad for pointing out my error. Much appreciated.

Best Regards

Mark Litchfield

----- Original Message -----
From: "Dave Ahmad" <da@securityfocus.com>
To: <mark@ngssoftware.com>; "NGSSoftware Insight Security Research" <nisr@nextgenss.com>
Sent: Monday, February 17, 2003 9:07 AM
Subject: Re: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)

> Hi Mark,
>
> I have a question for you. This is a Domino server vulnerability, however
> the patch page appears to list only updates for the Notes client. Is this
> the correct location or was it a mistake in the advisory? Do you know
> where Domino Server patches are, or if there are any?
>
> Thank you.
>
> Regards,
>
> David Mirza Ahmad
> Symantec
>
> 0x26005712
> 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
>
> On Mon, 17 Feb 2003, NGSSoftware Insight Security Research wrote:
>
> > NGSSoftware Insight Security Research Advisory
> >
> > Name: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability
> > Systems Affected: Release 6.0
> > Severity: Critical Risk
> > Category: Remote System Buffer Overrun
> > Vendor URL: http://www.lotus.com
> > Author: Mark Litchfield (mark@ngssoftware.com)
> > Date: 17th February 2003
> > Advisory number: #NISR17022003a
> >
> >
> > Description
> > ***********
> > Lotus Domino and Notes together provide a featured enterprise collaboration
> > system with Domino providing application server services.
> >
> > Details
> > *******
> > Lotus Domino 6 suffers from a remotely exploitable buffer overrun
> > vulnerability when performing a redirect operation. When building the 302
> > Redirect response, the server takes the client provided "Host" header and
> > implants this value into the "Location" server header. By requesting certain
> > documents or views in certain databases the server can be forced to perform
> > a redirect operation and by supplying an overly long string for the
> > hostname, a buffer can be overflowed allowing an attacker to gain control of
> > the Domino Web Services process. By default these databases can be accessed
> > by anonymous users. Any arbitrary code supplied will run in the context of
> > the account running Domino allowing an attacker to gain control of the
> > server.
> >
> > Fix Information
> > ***************
> > IBM Lotus Notes and Domino Release 6.0.1 is now available and being marketed
> > as the first maintenance release. IBM say if customers haven't already
> > upgraded or migrated to Notes and Domino 6, now is the time to move and
> > start reaping the benefits of this existing and highly praised release.
> > Release 6.0.1 includes fixes to enhance the quality and reliability of the
> > Notes and Domino 6 products. It does not however mention any security
> > issues, and NGS would strongly advise to upgrade as soon as possible not
> > just to "reap the benefits" but to secure the server and data against
> > possible attacks.
> >
> > The upgrade / patch can be obtained from
> >
> > http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r
> >
> > A check for this issue has been added to DominoScan R2, a comprehensive
> > automated intelligent assessment tool for Lotus Domino Servers of which more
> > information is available from the NGSSite
> >
> > http://www.ngssoftware.com/software/dominoscan.html
> >
> > Further Information
> > *******************
> > For further information about the scope and effects of buffer overflows,
> > please see
> >
> > http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
> > http://www.ngssoftware.com/papers/ntbufferoverflow.html
> > http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
> > http://www.ngssoftware.com/papers/unicodebo.pdf
> >
> > About NGSSoftware
> > *****************
> > NGSSoftware design, research and develop intelligent, advanced application
> > security assessment scanners. Based in the United Kingdom, NGSSoftware have
> > offices in the South of London and the East Coast of Scotland. NGSSoftware's
> > sister company NGSConsulting, offers best of breed security consulting
> > services, specialising in application, host and network security
> > assessments.
> >
> > http://www.ngssoftware.com/
> > http://www.ngsconsulting.com/
> >
> > Telephone +44 208 401 0070
> > Fax +44 208 401 0076
> >
> > enquiries@ngssoftware.com
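
The quoted advisory describes a client-supplied Host header being copied into the Location header of a 302 response. The following C sketch is an added illustration, not Domino's code and not part of the original messages: it shows a redirect builder that validates the Host value and formats into a bounded buffer. The function names, the 255-byte host limit and the policy of falling back to a configured hostname are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST 255  /* assumed upper bound for "name[:port]" in this sketch */

/* Unsafe pattern of the kind the advisory describes (shown only as a comment):
 *     char loc[256];
 *     sprintf(loc, "Location: http://%s%s\r\n", host_header, path);
 * The length of host_header is chosen by the client, not by the server. */

/* Return 1 if host looks like "name[:port]" within MAX_HOST bytes, else 0. */
static int host_is_valid(const char *host)
{
    size_t i, n;
    int seen_colon = 0;
    if (host == NULL) return 0;
    n = strlen(host);
    if (n == 0 || n > MAX_HOST) return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (seen_colon) {
            if (!isdigit(c)) return 0;           /* port: digits only */
        } else if (c == ':') {
            if (i == 0 || i + 1 == n) return 0;  /* empty name or empty port */
            seen_colon = 1;
        } else if (!isalnum(c) && c != '.' && c != '-') {
            return 0;                            /* rejects CR, LF, spaces, etc. */
        }
    }
    return 1;
}

/* Build the Location header into out. Uses fallback_host (server configuration)
 * when the Host header is rejected. Returns bytes written, or -1 if truncated. */
int build_location(char *out, size_t outsz, const char *host_header,
                   const char *fallback_host, const char *path)
{
    const char *host = host_is_valid(host_header) ? host_header : fallback_host;
    int n = snprintf(out, outsz, "Location: http://%s%s\r\n", host, path);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz) out[0] = '\0';                /* never emit a partial header */
        return -1;
    }
    return n;
}
```

The character whitelist also rejects CR and LF, so a rejected Host value cannot split the response header; IPv6 literals are out of scope for this sketch.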