SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   IBM iNotes and Domino Vendors:   IBM
Lotus Notes URL Handler Filtering Flaw Lets Remote Users Execute Arbitrary Scripting Code
SecurityTracker Alert ID:  1010567
SecurityTracker URL:  http://securitytracker.com/id/1010567
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 22 2004
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.x prior to 6.0.4; 6.5.x prior to 6.5.2
Description:   An input validation vulnerability was reported in IBM's Lotus Notes. A remote user can conduct cross-site scripting attacks.

IBM reported that the Notes URL handler does not properly filter user-supplied input when a target user clicks on a Notes URL. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site containing the malicious URL and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The report indicates that if the use of Internet shares is restricted via firewall configuration or registry settings, then this flaw is not exploitable.

The report also says that if the Notes client is already running on the target user's workstation, then the flaw is not exploitable.

Jouko Pynnonen and iDEFENSE are credited with reporting this flaw to IBM.
Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site hosting the malicious URL, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   IBM has issued fixed versions of Domino (6.0.4 and 6.5.2).
Vendor URL:  www.ibm.com/support/docview.wss?rs=463&uid=swg21169510 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Subject:  http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21169510


http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21169510

 > Lotus Notes URL Handler Argument Injection Vulnerability

 > Jouko Pynnonen, in association with iDEFENSE, reported a vulnerability in the Lotus
 > Notes client that may allow an attacker to execute malicious code on the user's
 > workstation under certain circumstances.

 > The Notes URL handler fails to properly filter input when a web browser activates the
 > Notes client by clicking on a Notes URL.

IBM has issued fixed versions of Domino (6.0.4 and 6.5.2).

The report indicates that if the use of Internet shares is restricted via firewall 
configuration or registry settings, then this flaw is not exploitable.

The report also says that if the Notes client is already running on the target user's 
workstation, then the flaw is not exploitable.


----

 > Operating system(s):
 >   	Windows
 >  Software version:
 >   	6.5.x, 6.0.x
 >  Reference #:
 >  	1169510

 >  Modified date:
 >  	2004-06-22


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC