Information Security News mailing list archives

Flaws discovered in Lotus software


From: InfoSec News <isn () c4i org>
Date: Thu, 20 Feb 2003 02:28:18 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.nwfusion.com/news/2003/0219lotus.html

By Paul Roberts
IDG News Service
02/19/03

Three software security flaws could allow attackers to run malicious
code on machines running IBM's Lotus Domino or iNotes software.

The flaws were disclosed on Monday in three advisories published by
Next Generation Security Software Ltd. (NGSS), a software security
consulting company in Sutton, England.

Using a vulnerability in the Lotus iNotes messaging software, a remote
attacker could gain control of a Domino server by providing an overly
long value in a request for Web-based mail services.

The long value would create a buffer overrun on the server, allowing
attackers to execute their own software code using the privileged
account that runs the Domino Web Services, according to NGSS, which
rated the vulnerability a "Critical Risk."

A buffer overrun occurs when too much data is sent to a buffer in a
computer's memory. When the buffer overflows, critical information
that controls a program's execution is overwritten, allowing attackers
to fill the buffer with their own code and causing the program to
start executing the code.

A second vulnerability, also rated "Critical Risk," affects the Lotus
Domino 6 application server software. Using the vulnerability, an
attacker could create a buffer overrun by supplying false and
excessively long host names in a request for a document or view that
is stored in a Lotus database.

After triggering the overrun, attackers could execute their own code
under the account running the Domino Web Service process, gaining
control of the Domino server.

A third vulnerability, found in an ActiveX client control used by the
iNotes software, allows an attacker to execute malicious code on a
remote machine that is attempting to use iNotes Web-based messaging
features.

An attacker could use an e-mail or a Web page to send a value that is
too long to the ActiveX control, creating a buffer overrun on the
target machine that allows the attacker to execute code using the
privileges of the current user.

NGSS rated the ActiveX vulnerability "Medium Risk."

The three vulnerabilities, which were found in Release 6.0 of Lotus
Notes and Domino, have been patched by IBM in the 6.0.1 maintenance
release.

Although it did not mention the NGSS vulnerabilities, information
posted on IBM's Web page said that the 6.0.1 release "includes fixes
to enhance the quality and reliability of the Notes and Domino 6
products," and recommended that customers who haven't already done so
upgrade to version 6.0.1.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

