Bugtraq mailing list archives
Re: KPMG-2002006: Lotus Domino Physical Path Revealed
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Sun, 03 Mar 2002 13:01:01 +0100
02/04/2002 16:18:06, Peter Gründl <pgrundl () kpmg dk> wrote :
Problem: ======== Due to problems handling Windows DOS devices, the Domino Server can be brought to show the physical location of the web root.
Corrective action: ================== Upgrade to Lotus Domino V5.0.10, which can be downloaded here: http://www.notes.net/qmrdown.nsf
This upgrade solves the "banner disclosure" issue too, which was presented to Bugtraq readers in my post regarding "physical path disclosure" [1]. Apparently, the banner string was hard-coded in the "htcgibin.exe" module ... Thanks to Peter Gründl <pgrundl () kpmg dk> for testing the lastest Domino release for this bug. [1] : http://online.securityfocus.com/archive/1/254768 Nicolas Gregoire Exaprobe
Current thread:
- KPMG-2002006: Lotus Domino Physical Path Revealed Peter Gründl (Apr 02)
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed Nicolas Gregoire (Apr 03)
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed Joe Testa (Apr 03)