SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  Domino/Notes (Lotus) Vendors:  IBM
IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files
SecurityTracker Alert ID:  1015657
SecurityTracker URL:  http://securitytracker.com/id?1015657
CVE Reference:  CVE-2005-2618 ,  CVE-2005-2619   (Links to External Site)
Date:  Feb 21 2006
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Secunia Research
Version(s): 6.5.4 and prior versions; 7.0
Description:  Several vulnerabilities were reported in Lotus Domino/Notes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can also cause files to be deleted.

The 'kvarcve.dll' component does not properly validate data when generating the preview of a compressed file from a ZIP, UUE, or TAR archive [CVE-2005-2619]. A remote user can create a specially crafted file in an archive that, when previewed by the target user within the Notes attachment viewer, will delete arbitrary files with the privileges of the target user.

Several buffer overflows exist in various Lotus Notes viewers [CVE-2005-2618].

A remote user can create an e-mail message with a specially crafted link of about 800 characters in length and beginning with either "http", "ftp", or "//". When the target user loads the link, a stack overflow is triggered and arbitrary code can be executed. A link that references a local file can also be used to exploit this vulnerability.

A remote user can create a TAR archive with a compressed file that has a long path of more than 220 bytes. When the target user views the archive and selects to extract the compressed file and save it to a directory with a long path name, a stack overflow is triggered in 'tarrdr.dll' and arbitrary code can be executed.

A remote user can create a UUE file with an encoded file that has a long filename. When the target user views the file using the Notes attachment viewer, a stack overflow is triggered in 'uudrdr.dll' and arbitrary code can be executed.

The vendor was notified in August 2005.

The vendor indicates that only Windows-based systems are affected.

Tan Chew Keong and Carsten Eiram of Secunia Research discovered these vulnerabilities.
Impact:  A remote user can cause files to be deleted on the target user's system.

A remote user can cause arbitrary code to be executed on the target user's system.
Solution:  The vendor has released fixed versions (6.5.5 and 7.0.1).

The vendor's advisory is available at:

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
Vendor URL:  www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 (Links to External Site)
Cause:  Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Tue, 21 Feb 2006 14:34:50 -0500
Subject:  Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers

 
 
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC