[18492] in bugtraq
Workaround: Lotus Domino Server Directory Traversal Vulnerability
daemon@ATHENA.MIT.EDU (Miha.Vitorovic@NIL.SI)
Tue Jan 9 13:16:10 2001
Message-ID: <OFCEEC0E2C.9254EBC1-ONC12569CF.003C9419@nil.si>
Date: Tue, 9 Jan 2001 12:31:03 +0100
Reply-To: Miha.Vitorovic@NIL.SI
From: Miha.Vitorovic@NIL.SI
To: BUGTRAQ@SECURITYFOCUS.COM
Hi all,
Today our Domino administrator (Robert Turnsek) and I spent some time
trying to make the recent Domino vulnerability disappear. This is what we
came up with.
Domino Server 5.0.5
- Open the Administration Client
- Select the server you want to administer
- "Configuration" tab / "Server" section / Current server document:
    Press the "Web" button
    Select "Create URL mapping/redirection"
- In the URL redirection document
  + "Basics" tab
      Select: URL ---> Redirection URL
  + "Mapping" tab
      Incoming URL: /.nsf/*
      Redirection URL: [the URL you want to redirect to, for example
      "http://www.notes.net"]
- Save the document
- Restart the HTTP task
I hope this helps...
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Einspielerjeva 6, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
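One way to confirm from the HTTP access log that the /.nsf/* mapping described in the message is taking effect, as an added example that is not part of the original post. It assumes a Common Log Format access log and treats the path case-insensitively after percent-decoding; both are assumptions of this example, as are the function names and the sample lines.

```python
import re
from urllib.parse import unquote

# Incoming URL pattern from the "Mapping" tab of the workaround: /.nsf/*
MAPPING_PREFIX = "/.nsf/"

# Assumption: Common Log Format; adapt the regex to your server's log layout.
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def matches_mapping(target):
    """True if the request path falls under /.nsf/* after normalisation."""
    path = unquote(target.split("?", 1)[0]).lower()
    return path.startswith(MAPPING_PREFIX)

def audit(lines):
    """Split matching requests into (redirected, not_redirected).

    A 3xx status means the redirection rule answered the request; any
    other status means the request reached the server without the rule.
    """
    redirected, not_redirected = [], []
    for line in lines:
        m = CLF.match(line)
        if not m or not matches_mapping(m["target"]):
            continue
        rec = (m["host"], m["target"], int(m["status"]))
        (redirected if 300 <= rec[2] < 400 else not_redirected).append(rec)
    return redirected, not_redirected

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [09/Jan/2001:11:58:02 +0100] "GET /.nsf/example HTTP/1.0" 200 2048',
    '192.0.2.11 - - [09/Jan/2001:12:40:01 +0100] "GET /.nsf/example HTTP/1.0" 302 0',
    '192.0.2.12 - - [09/Jan/2001:12:41:17 +0100] "GET /homepage.nsf/view?OpenView HTTP/1.0" 200 5120',
    '192.0.2.13 - - [09/Jan/2001:12:42:33 +0100] "GET /%2Ensf/example HTTP/1.0" 302 0',
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print("answered by the redirect rule:", len(ok))
    for host, target, status in bad:
        print("NOT redirected:", host, target, status)
```

Entries reported as not redirected that are dated after the HTTP task restart indicate the mapping document is not being applied.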