[20259] in bugtraq


Advisory for Lotus Domino webserver

daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue Apr 17 13:10:38 2001

Message-ID:  <200104171352.GAA25672@user7.hushmail.com>
Date:         Tue, 17 Apr 2001 09:50:40 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM


 [ Advisory for Lotus Domino webserver             ]
 [ Lotus Domino is made by Lotus.                  ]
 [ Site: http://www.lotus.com                      ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
 [ ADV-0101                                        ]

/-|=[explanation]=|-\
Lotus Domino is a webserver. It has a simple
physical path revealing problem.

/-|=[who is vulnerable]=|-\
Lotus-Domino Release-4.6.2
Lotus-Domino Release-4.6.3
Lotus-Domino Release-4.6.6
The above are versions I am sure of, but I assume
most 4.6.x and lower versions are vulnerable.
For some reason Lotus-Domino Release-5.0.2
sometimes showed the physical path and sometimes it
did not. I do not know the reason for this.
NOT vulnerable are
Lotus-Domino Release-4.6.7(Intl)
Lotus-Domino Release-5.0.3
Lotus-Domino Release-5.0.4
Lotus-Domino Release-5.0.5
Lotus-Domino Release-5.0.6
This works on both NT and non-NT computers.

/-|=[testing it]=|-\
To test this vulnerability, try the following.
www.server.com/cgi-bin/a/../a
This should give you an error with a physical path.

/-|=[notes]=|-\
Seeing as this can be fixed by upgrading I did not
e-mail Lotus.
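A defender's check for the behaviour this advisory describes, added here as an example; it is not part of the original post and not Lotus code. It scans access-log lines for the `..` path segment used by the probe above (literal or percent-encoded, e.g. `%2e%2e`) and inspects an error body for a leaked filesystem path. The log lines, IP addresses, status codes and directory names are constructed, and the Unix path roots in `PATH_RE` are an assumption to tune for your own install.

```python
"""Constructed example: flag the advisory's probe in web-server logs and
check an error response body for a disclosed physical path."""
import re
from urllib.parse import unquote

# Constructed Common Log Format lines (made-up IPs and sizes).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Apr/2001:13:10:38 -0500] "GET /index.html HTTP/1.0" 200 1843
10.0.0.9 - - [17/Apr/2001:13:11:02 -0500] "GET /cgi-bin/a/../a HTTP/1.0" 404 512
10.0.0.9 - - [17/Apr/2001:13:11:05 -0500] "GET /cgi-bin/a/%2e%2e/a HTTP/1.0" 404 512
10.0.0.7 - - [17/Apr/2001:13:12:40 -0500] "GET /names.nsf?OpenDatabase HTTP/1.0" 200 9021
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def has_dotdot_segment(target):
    """True if the request path has a '..' segment, literal or
    percent-encoded once (e.g. %2e%2e). The query string is ignored."""
    path = unquote(target.split('?', 1)[0])
    return '..' in path.split('/')


def find_probes(log_text):
    """Return one record per log line whose request path has a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if has_dotdot_segment(m['target']):
            hits.append({'ip': m['ip'], 'target': m['target'],
                         'status': int(m['status'])})
    return hits


# Windows drive paths (C:\...) and a few common Unix roots.
# The Unix root list is an assumption; extend it for your install.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^\s"<>|]+'                 # e.g. C:\notes\data\...
    r'|/(?:usr|opt|home|var|etc)/[^\s"<>]+'  # e.g. /opt/lotus/...
)


def disclosed_paths(body):
    """Return filesystem-looking paths found in an HTTP response body."""
    return PATH_RE.findall(body)


# Constructed error bodies; the directory names are placeholders.
LEAKY_BODY = 'Error 404: File does not exist: C:\\notes\\data\\domino\\cgi-bin\\a'
CLEAN_BODY = 'Error 404: Requested resource not found.'

if __name__ == '__main__':
    for hit in find_probes(SAMPLE_LOG):
        print(f"probe from {hit['ip']}: {hit['target']} -> {hit['status']}")
    print('leaky body:', disclosed_paths(LEAKY_BODY))
    print('clean body:', disclosed_paths(CLEAN_BODY))
```

Decoding the target once before splitting is what catches the `%2e%2e` variant; if your server decodes twice, decode twice here as well. A non-empty result from `disclosed_paths` on a 4xx page is the condition the advisory describes, and upgrading to one of the non-vulnerable releases listed above is the fix.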
