[18525] in bugtraq


Re: Lotus Domino 5.0.5 Web Server vulnerability WORK AROUNDS

daemon@ATHENA.MIT.EDU (Georgi Guninski)
Wed Jan 10 14:16:32 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Message-Id:  <3A5C1D6E.FF84811B@guninski.com>
Date:         Wed, 10 Jan 2001 10:29:34 +0200
Reply-To: Georgi Guninski <guninski@GUNINSKI.COM>
From: Georgi Guninski <guninski@GUNINSKI.COM>
X-To:         TDyson@SYBEX.COM
To: BUGTRAQ@SECURITYFOCUS.COM

"Dyson, Thom" wrote:
>
> These came to me from the Notes Admin List.
>
> -------Solution 1---------
> I don't know the original author of this fix, so I can't give proper credit.
>
> Add a File Protection Document in your PAB/DD:
>
> Path:     /.box/../
>
> Access Control:     -Default- - No Access
>
> Repeat this for .ns4 and .nsf (.ns3 and .ntf are not affected).
>
> Once you do this, do "tell http restart" or bounce your server.
>

This workaround does not always work.
Try
---------------------------------------
http://TARGETDOMINO/.nsf/AAA/../../FILE
---------------------------------------

Georgi Guninski
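
Added example, not part of the original post: a log-review check for the gap between the quoted workaround and the URL in the reply. It assumes the File Protection Document behaves as a literal match on "/<suffix>/../" and that request lines look like the constructed samples; the function names are hypothetical.

```python
from urllib.parse import unquote

# Suffixes the thread says need a File Protection Document.
DB_SUFFIXES = (".nsf", ".ns4", ".box")

def literal_rule_matches(path: str) -> bool:
    # Assumption: models the workaround as a literal match on "/<suffix>/../".
    return any(f"/{s}/../" in path.lower() for s in DB_SUFFIXES)

def climbs_out_of_db_segment(raw_path: str) -> bool:
    """True if a segment ending in a database suffix is later cancelled by '..'.

    Resolving the path segment by segment catches the reply's form, where a
    padding segment sits between the suffix and the run of '..' segments.
    """
    # Drop the query string and normalise encoding before comparing segments.
    path = unquote(raw_path.split("?", 1)[0]).replace("\\", "/")
    stack = []  # segments still in effect after resolving '..'
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack and stack.pop().lower().endswith(DB_SUFFIXES):
                return True
            continue
        stack.append(seg)
    return False

# Constructed sample request lines (not from a real server log).
SAMPLE_LOG = [
    "GET /.box/../FILE HTTP/1.0",
    "GET /.nsf/AAA/../../FILE HTTP/1.0",
    "GET /help/readme.nsf/view/../index HTTP/1.0",
    "GET /mail/user.nsf/$Inbox HTTP/1.0",
]

def review(lines):
    """Return (path, literal_rule_hit, resolver_hit) for each request line."""
    out = []
    for line in lines:
        path = line.split(" ")[1]
        out.append((path, literal_rule_matches(path), climbs_out_of_db_segment(path)))
    return out

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

The second sample is the only row where the two checks disagree: the literal rule misses it, while the segment resolver flags it.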
