[18476] in bugtraq
Re: Lotus Domino: security hole the size of Texas,
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Mon Jan 8 19:00:54 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0001082151040.322-100000@dione.ids.pl>
Date: Sat, 8 Jan 2000 21:52:27 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To: Robert van der Meulen <rvdm@cistron.nl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010108202125.A1976@cistron.nl>
On Mon, 8 Jan 2001, Robert van der Meulen wrote:
> Entertaining ;) Do you have more detailed information about this ? I
> wouldn't mind knowing what version(s) you tried this on, and where it
> worked..
No problem. Premilinary tests were done on Lotus Domino Release 5.0.5...
erm, I have no specific info on a few confirmations I've received. We've
confirmed that ACLs are NOT preventing this kind of attack.
--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
