Bugtraq mailing list archives
Re: Lotus Domino 5.0.5 Web Server vulnerability - reading fi
From: Kai Rossner <kai.rossner () CONNECTOR DE>
Date: Thu, 11 Jan 2001 15:12:15 -0000
I can reproduce it with - domino 5.05 (german) on a win 2k professional workstation with the netscape navigator 4.75 - domino 5.01 (german) on a win2k server with the netscape navigator 4.75 I canĀ“t reproduce it with - domino 4.6x on NT4 server (Intel and Alpha) - domino 5.0x on NT4 Server (Alpha)
Summary of responses to .nsf/../ issue: --------------------------- From: tschweikle () FIDUCIA de Domino is installed in D:\programme\notes, the
data-directory
is D:\programme\notes\data (an NT4 box with
Domino R4.6.7):
with
http://myserver/.nsf/../Programme/notes/data/notes.ini
I might therefore reach notes.ini. But: Error 404 Not found - file doesn't exist or is read protected
[even tried multi]
My second box is Linux with Domino R5.0.6: installation path is: /opt/lotus/notes. Data is
in /local/notesdata
These are different partitions. Trying http://myserver2/.nsf/../local/notesdata/notes.ini or http://myserver2/.nsf/../notesdata/notes.ini or http://myserver2/.nsf/../notes.ini or http://myserver2/.nsf/../opt/lotus/notes/license.txt ... http://myserver2/.nsf/../opt/license.txt all give the same error: Error 404 Not found - file doesn't exist or is read protected
[even tried multi]
Thus I couldn't confirm your vulnerability. But on the
other hand,
both servers are really restrictive in what is allowed
to do for
domino. Maybe the error message should read: "...
does not have
permission to read this file." But remarkably there are no log entries telling me
one tried to
access an normally inaccessible file. Apache tells
me about such
an attempt! --------------------------------- From: Karl_Rademacher () agl aon com I've been unable to reproduce this on a machine
under my control. It just
strips out the .nsf/../ portion of the url and returns
the standard "404 File
not found" message. Did you experience anything
like that (in other words, am I
doing something wrong?). Here are the particulars
of the server in question:
NT4 SP6 with TCP security patches All forms of NT networking un-installed except the
IP stack.
Domino R5.05 running on a non-system partition HTTP server forces an ssl connect, user
authentication and doesn't allow
directory browsing. I'm thinking that something to do with the
directory browsing restriction
is causing the .nsf/../ to be stripped out of the GET
request by the server, but
I could be wrong. Still, I don't get the "URL
Containing .. Forbidden" message.
Any insights? ---------------------------------------- From: Felix Grushevskiy <fil () viaduk net> Version 5.06 (nt4sp6a) is also affected by this
Current thread:
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading fi Ben Greenbaum (Jan 10)
- <Possible follow-ups>
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading fi Kai Rossner (Jan 12)