US-CERT Vulnerability Notes Database

Vulnerability Note VU#772563

Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters

Overview

A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10.

I. Description

A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containing certain non-ASCII characters. For more information, please see the IBM Technote.
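
As a detection aid for the condition described above, the following added example (not part of the original note or of any IBM code) inspects a raw HTTP request and flags authentication headers that are both overly long and contain non-ASCII bytes. The header names checked and the MAX_AUTH_LEN threshold are assumptions; the note does not state a length.

```python
# Added example, not from the advisory. AUTH_HEADERS and MAX_AUTH_LEN are assumptions.
AUTH_HEADERS = {b"authorization", b"proxy-authorization"}
MAX_AUTH_LEN = 512  # assumed ceiling; the advisory gives no specific length


def iter_headers(raw: bytes):
    """Yield (lowercased name, value) pairs from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    current = None
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t") and current:
            # Folded continuation line: still part of the previous header value.
            current[1] += b" " + line.strip()
        else:
            if current:
                yield tuple(current)
            name, sep, value = line.partition(b":")
            current = [name.strip().lower(), value.strip()] if sep else None
    if current:
        yield tuple(current)


def inspect_request(raw: bytes):
    """Return (header, length, non_ascii_count, verdict) for anomalous auth headers.

    "match"  = overly long AND non-ASCII, the combination the note describes.
    "review" = only one of the two; unusual, since Basic credentials are base64.
    """
    findings = []
    for name, value in iter_headers(raw):
        if name not in AUTH_HEADERS:
            continue
        non_ascii = sum(1 for b in value if b >= 0x80)
        too_long = len(value) > MAX_AUTH_LEN
        if too_long or non_ascii:
            verdict = "match" if (too_long and non_ascii) else "review"
            findings.append((name.decode("ascii"), len(value), non_ascii, verdict))
    return findings


# Constructed samples: inert filler bytes, not a working trigger.
BENIGN = (b"GET / HTTP/1.0\r\nHost: domino.example\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
SUSPECT = (b"GET / HTTP/1.0\r\nHost: domino.example\r\n"
           b"Authorization: Basic " + b"\xe9" * 600 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, inspect_request(req))
```

The same test can be expressed as a rule on a reverse proxy or IDS placed in front of servers that have not yet been upgraded.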

II. Impact

An intruder can execute arbitrary code with the privileges of the Lotus Domino web server.

III. Solution

Upgrade to R5.0.10 or later.

Workaround
Log to text files instead of domlog.nsf.

Systems Affected

Vendor    Status        Date Notified    Date Updated
IBM       Vulnerable    23-Apr-2002

References


http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=96F6A9D96DFD8BB585256B8A005A8C57
http://securitytracker.com/alerts/2002/Apr/1004052.html

Credit

This vulnerability was discovered by The Relay Group.

This document was written by Ian A. Finlay.

Other Information

Date Public: 2002-04-23
Date First Published: 2003-01-13
Date Last Updated: 2003-01-13
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric: 36.00
Document Revision: 6

Copyright 2003 Carnegie Mellon University