[19317] in bugtraq
Re: Lotus Notes Stored Form Vulnerability
daemon@ATHENA.MIT.EDU (mark myers)
Wed Feb 21 19:55:05 2001
Message-Id: <20010221210607.27697.qmail@securityfocus.com>
Date: Wed, 21 Feb 2001 21:06:07 -0000
Reply-To: markmyers@TALK21.COM
From: mark myers <markmyers@TALK21.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
OK, here's how it goes:
R4
Stored forms enabled, ECL implemented but left wide
open, stored forms cannot be received via external
mail.
If I was a hacker trying to use a stored form on R4, I
would have to create the form on my own computer,
then take the edited template/database, get it into the
company I want to use, get hold of a valid ID and
password, and then send it. The problems are
(ignoring the coding ones) getting an ID file and
password for the company's Notes, and getting into their
LAN (not just past their firewall but actually on their
LAN) - somehow.
If I was a hacker and could get onto a
LAN with a valid ID and password, sending a mail
would not be high on my list of things to do. PS: the
previous mails are correct, this has been around for
years.
R5
Stored forms enabled, ECL implemented but by
default as tight as a shark's arse at 25,000 fathoms,
stored forms can be received via external mail, if the
recipient is trusted.
We are on similar ground with R5, but with the
added bits of ECL (which is based on a text match,
not on public/private key checking), and the ability to
send Notes mails over the NET. Same problems as
before if you want to do it over the LAN, with the
added bit that you would have to build a server first to
create the correct domain, with which to stamp the
database. But we could attack over the NET, can't
we? Well, yes, if the domain we attack trusts us, or if
we are certain that the company is using Notes for its
SMTP gateway with nothing in between it and the
NET, like a VAX or anything like that, and if the
administrators are daft and have left the SMTP
gateway wide open.
I have been writing GroupWare with
Notes/Domino/Exchange and the web for 6 years now.
This issue was old years ago, and as far as security
loopholes go I'm not going to lose masses of sleep
over it. If you set up your system with a normal degree
of sense, I don't see it ever causing a problem.
If anyone disagrees, my mail is
markmyers@talk21.com
Thanks