Bugtraq mailing list archives

Lotus Response to "Domino Server Directory Traversal Vulnerability"


From: Katherine Spanbauer <Katherine_Spanbauer () LOTUS COM>
Date: Tue, 9 Jan 2001 21:16:22 -0500

Lotus has published the following statement regarding the recently reported
issue "Domino Server Directory Traversal Vulnerability".  This information
will be posted to the Lotus web site at http://www.lotus.com/security.

Regards,

Katherine Spanbauer
Product Manager, Notes and Domino Security
Lotus Development Corporation
katherine_spanbauer () lotus com


What is the nature of the vulnerability?
Given a known path and file name, files may be accessed from a Domino server
running the HTTP task.  This is limited to the file system (or drive) on
which the Domino server is installed.  It is not possible to browse the
file system, but if a file name can be correctly guessed, it can be
accessed.

What versions of Domino are affected?
R5.0 - R5.0.6
R4x is not affected

How can I track this issue?
The SPR (Software Problem Report) number is KSPR4SPQ5S.  When an SPR is
fixed, it is posted in the Fix List database on Notes.net -->
http://www.notes.net/R5FixList.nsf

What are Lotus' plans to address this issue?
Lotus is treating this with the highest priority and has a fix being tested
now.   This fix is planned for R5.0.6a and it will be posted to
http://notes.net as soon as it is available.  We are currently targeting
the end of this week (13-Jan-01).  If the schedule changes, this document
will be updated.

Is there a workaround available?
Yes.  Until R5.0.6a is available, the following workaround is recommended:

Open the Administration Client
Select the server you want to administer
"Configuration" tab / "Server" section / Current server document :
               Press the "Web" button
               Select "Create URL mapping/redirection"
In the URL redirection document
  + "Basics" tab
         Select: URL ---> Redirection URL
  + "Mapping" tab
         Incoming URL:  */../*
         Redirection URL: [the URL you want to redirect to, for example
         "http://hostname/homepage.nsf"]
Save the document
Restart the HTTP task


Acknowledgments:
Miha Vitorovic of NIL Data Communications and Leonardo Rodrigues of
Solution Web posted similar solutions to the list and we acknowledge and
appreciate their contributions.
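
The following is an added example, written for this page and not part of the Lotus statement or of any Domino code: a small Python model of the workaround's URL mapping rule. It assumes that Domino's "*" wildcard matches any run of characters (glob-style, including "/") and that the rule is compared against the request path as received. The statement does not say whether the HTTP task decodes percent-encoding before URL mapping is applied, so the script also walks each decoded path segment by segment and flags requests that would climb above the web root yet do not match the literal "*/../*" rule; those are the cases to try against a real server before relying on the workaround. The sample request paths and the file name target.txt are constructed for the example.

```python
import fnmatch
from urllib.parse import unquote

# Values taken from the Lotus workaround: the mapping rule and the placeholder target.
INCOMING_PATTERN = "*/../*"
REDIRECT_TARGET = "http://hostname/homepage.nsf"


def matches_domino_rule(path, pattern=INCOMING_PATTERN):
    """Return True if the raw request path matches the URL mapping rule.

    Assumption: Domino's '*' behaves like a shell glob (any run of characters,
    including '/'), and the comparison is made against the path as received,
    before any %xx decoding.
    """
    return fnmatch.fnmatchcase(path, pattern)


def escapes_web_root(path):
    """Return True if the decoded path climbs above the document root.

    Segments are walked one at a time; '..' decrements the depth and any other
    non-empty segment increments it.  A depth below zero means the request
    reaches outside the web root, which is what the traversal issue allowed.
    """
    depth = 0
    for segment in unquote(path).split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def handle_request(path):
    """Model of the workaround: matching requests are redirected, others pass through."""
    if matches_domino_rule(path):
        return "redirect", REDIRECT_TARGET
    return "pass", path


def find_uncaught_traversals(paths):
    """Return the paths that escape the root but are NOT caught by the literal rule.

    These are the requests an administrator should test against a real server,
    because the statement does not say whether mapping runs on the decoded path.
    """
    return [p for p in paths
            if escapes_web_root(p) and handle_request(p)[0] != "redirect"]


# Constructed sample requests (not from the Lotus statement); target.txt is hypothetical.
SAMPLE_REQUESTS = [
    "/homepage.nsf",                             # ordinary request
    "/homepage.nsf/../../target.txt",            # raw traversal, caught by */../*
    "/homepage.nsf/subdir/../index.html",        # '..' that stays inside the root
    "/homepage.nsf/%2e%2e/%2e%2e/target.txt",    # encoded traversal, not matched literally
]

if __name__ == "__main__":
    for p in SAMPLE_REQUESTS:
        action, where = handle_request(p)
        print(f"{p:45} -> {action:8} escapes_root={escapes_web_root(p)}")
    print("uncaught by literal rule:", find_uncaught_traversals(SAMPLE_REQUESTS))
```

Two things the model makes visible: the rule is coarse, so a harmless URL such as /homepage.nsf/subdir/../index.html is redirected along with the dangerous ones, and a percent-encoded traversal does not match the literal pattern, so the workaround's effectiveness against encoded requests depends on server behaviour the statement does not describe and should be verified rather than assumed.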
