Bugtraq mailing list archives

Re: Lotus Notes Stored Form Vulnerability


From: Tibor SZABO <szabo.tibor () LN MATAV HU>
Date: Tue, 27 Feb 2001 14:15:54 +0100


Isn't the ECL merely based on string matching of the signer
rather than checking a certificate or an encrypted key?
<<<<<<<<<<<<<<

The ECL elements are strings, but the execution controlling itself is based
on digital signatures.

If somebody signs a piece of program-code with a fake "Lotus Notes Template
Development" ID (as someone mentioned earlier in this list), or signs a
piece of code with any other fake ID with a name, which already has a
corresponding Notes cross-certificate entry in your personal address-book,
during the execution of this code your Notes client program warns you in a
pop-up window, that this signature is invalid - and you have opportunity to
abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
allows the execution of ALL_unsigned_piece_of_code with this type of tasks
in the future.

If a piece of code has a known signature ("known" means that it already has
a corresponding Notes cross-certificate entry in your personal
address-book), then your Notes client performs the required task, if it is
allowed in the ECL for that name. If the execution of this type of task is
not allowed, then you will be warned in a pop-up window - and you have
opportunity to abort_the_execution, execute_it_only_once or trust_signer.

If a piece of code has an unknown signature, your Notes client performs the
required task only when the -default- entry in the ECL allows the
execution. If not allowed (for -default-) this task, then you will be
warned in a pop-up window - and you have opportunity to
abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
allows ALL_piece_of_code_with_unknown_signature on them this type of tasks
in the future.

If a piece of code has no signature at all, your Notes client performs the
required task only when the -unsigned- entry in the ECL allows the
execution. If not allowed (for -unsigned-) this task, then you will be
warned in a pop-up window - and you have opportunity to
abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
allows ALL_piece_of_code_without_signature on them this type of tasks in
the future.

Allowing a function by ECL means, that in the future you won't be warned
when this type of task is to be executed. Of course you can revoke any
permission at any time.


Tibike

ps: sorry my bad English
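
Added example (not part of the original message and not Lotus code): a small Python model of the ECL decision flow described in the message above, showing how "trust signer" on an unknown signature widens the -default- entry for every later unknown signer. The task names, signer names, and the choice that an invalid signature always prompts are assumptions made for illustration.

```python
from enum import Enum

class Sig(Enum):
    INVALID = "invalid"   # signature does not verify (forged ID)
    KNOWN = "known"       # valid, signer has a cross-certificate entry
    UNKNOWN = "unknown"   # valid, but no cross-certificate for the signer
    NONE = "none"         # code carries no signature at all

class Answer(Enum):
    ABORT = "abort_the_execution"
    ONCE = "execute_it_only_once"
    TRUST = "trust_signer"

def ecl_entry(sig, signer):
    """ECL entry consulted (and widened by trust_signer) for this code."""
    if sig is Sig.KNOWN:
        return signer
    if sig is Sig.UNKNOWN:
        return "-default-"
    # No signature; per the message, trusting an invalid signature
    # also ends up allowing the task for unsigned code.
    return "-unsigned-"

def decide(ecl, sig, signer, task, answer=Answer.ABORT):
    """Return (executed, prompted); mutates ecl when the answer is TRUST."""
    entry = ecl_entry(sig, signer)
    # Assumption: an invalid signature always raises the pop-up.
    if sig is not Sig.INVALID and task in ecl.get(entry, set()):
        return True, False            # allowed by the ECL, no warning
    if answer is Answer.ABORT:
        return False, True
    if answer is Answer.TRUST:
        ecl.setdefault(entry, set()).add(task)   # permanent grant
    return True, True

def demo():
    # Constructed ECL: signers, tasks and entry contents are sample values.
    ecl = {"Alice/Acme": {"file_access"}, "-default-": set(), "-unsigned-": set()}
    first = decide(ecl, Sig.UNKNOWN, "Bob/Other", "send_mail", Answer.TRUST)
    # A different unknown signer now runs the same task with no prompt.
    second = decide(ecl, Sig.UNKNOWN, "Carol/Elsewhere", "send_mail")
    return first, second, ecl

if __name__ == "__main__":
    print(demo())
```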

