(Vendor Describes Solution) Lotus Notes HTML Attachment Processing Lets Remote Users Conduct Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1014491 |
|
SecurityTracker URL: http://securitytracker.com/id/1014491
|
|
CVE Reference:
CVE-2005-2175
(Links to External Site)
|
Date: Jul 15 2005
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.5.4 and prior versions
|
Description:
An input validation vulnerability was reported in Lotus Notes in the web mail interface. A remote user can conduct cross-site scripting attacks.
A remote user can send an e-mail with an HTML file attachment to a target user. If the target user clicks on the attachment, the HTML code is executed without first providing a warning prompt. Arbitrary scripting code may be executed by the target user's browser. The code will originate from the site running the Lotus Notes software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
An HTML attachment with Content-Type of 'text/html' and Content-Disposition of 'inline' can trigger the flaw.
Shalom Carmel reported this vulnerability.
|
Impact:
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Lotus Notes software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
Solution:
The vendor indicates that the vulnerability only affects users accessing the standard Notes mail template(s) from a Web client. Users accessing the standard Notes mail templates from the Notes client are not affected. Users of the Domino Web Access templates (INOTES5.NTF, INOTES60.NTF or INOTES6.NTF) for reading their mail from a Web client are also not affected.
IBM Lotus strongly recommendeds using of Domino Web Access (iNotes). The Domino Web Access mail template prompts the user to open or save when clicking on attachments.
The vendor recommends upgrading the mail template. For information on upgrading, see the vendor's advisory at:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21211783
|
Vendor URL: www-1.ibm.com/support/docview.wss?rs=463&uid=swg21211783 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 14 Jul 2005 23:57:34 -0400
Subject: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21211783
|
Excerpt from advisory:
> This issue affects users who access the standard Notes mail template(s) from a Web
> client. This does not affect users who access the standard Notes mail templates from
> the Notes client, nor does it affect users who use the Domino Web Access templates
> (INOTES5.NTF, INOTES60.NTF or INOTES6.NTF) to read their mail from a Web client.
>
> IBM Lotus has strongly recommended the usage of Domino Web Access (iNotes) since its
> introduction in Domino 5.0.8 as our premier Web mail interface. The Domino Web Access
> mail template can be used by both Lotus Notes clients and Web clients and is a more
> secure and feature-rich option for accessing your Notes mail from the Web.
|
|
