CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#590487

Lotus Domino vulnerable to directory traversal, aka "Domino Server Directory Transversal Vulnerability"

Overview

Lotus Domino web server may allow malformed URL requests to access files outside the document root of a vulnerable system.

I. Description

A Lotus Domino server running the HTTP task may permit an intruder to read files on file systems or drives that house Lotus Notes databases. By using a specially crafted URL containing ".." and the name of an existing file, an intruder may be able to cause a Domino server to return the contents of the file to the intruder over the HTTP connection. If this file contains sensitive information, an intruder may be able to leverage that information to gain additional access.

II. Impact

Intruders can read files outside the normal web root of a Domino server.

III. Solution

Lotus plans on releasing a new version (R5.0.6a) which addresses this problem as soon as possible. See http://www.lotus.com/security for more details. According to Lotus, the SPR (Software Problem Report) number is KSPR4SPQ5S. When an SPR is fixed, it is posted in the Fix List database on Notes.net. In the meantime, a workaround is possible by using the URL redirection feature of Domino.

Redirect URLs of the form *..* to a harmless location or an error page. See the http://www.lotus.com/security for details or consult your Domino documentation.

Systems Affected

VendorStatusDate Updated
LotusVulnerable10-Jan-2001

References

https://www.kb.cert.org/vuls/id/590487
http://www.lotus.com/security
http://www.notes.net/R5FixList.nsf
http://www.guninski.com/lotus1.html
http://www.securityfocus.com/bid/2173

Credit

The CERT/CC would like to acknowledge Katherine Spanbauer, Senior Product Manager, Notes and Domino Security Lotus Development Corporation for her assistance, and independent researcher Georgi Guninski who discovered this problem.

This document was written by Jeffrey S Havrilla and Shawn Hernan.

Other Information

Date Public01/05/2001
Date First Published01/10/2001 03:06:06 PM
Date Last Updated01/10/2001
CERT Advisory 
CVE Name 
Metric21.60
Document Revision19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University