SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   IBM iNotes and Domino Vendors:   IBM
IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files
SecurityTracker Alert ID:  1015657
SecurityTracker URL:  http://securitytracker.com/id/1015657
CVE Reference:   CVE-2005-2618, CVE-2005-2619   (Links to External Site)
Date:  Feb 21 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.5.4 and prior versions; 7.0
Description:   Several vulnerabilities were reported in Lotus Domino/Notes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can also cause files to be deleted.

The 'kvarcve.dll' component does not properly validate data when generating the preview of a compressed file from a ZIP, UUE, or TAR archive [CVE-2005-2619]. A remote user can create a specially crafted file in an archive that, when previewed by the target user within the Notes attachment viewer, will delete arbitrary files with the privileges of the target user.

Several buffer overflows exist in various Lotus Notes viewers [CVE-2005-2618].

A remote user can create an e-mail message with a specially crafted link of about 800 characters in length and beginning with either "http", "ftp", or "//". When the target user loads the link, a stack overflow is triggered and arbitrary code can be executed. A link that references a local file can also be used to exploit this vulnerability.

A remote user can create a TAR archive with a compressed file that has a long path of more than 220 bytes. When the target user views the archive and selects to extract the compressed file and save it to a directory with a long path name, a stack overflow is triggered in 'tarrdr.dll' and arbitrary code can be executed.

A remote user can create a UUE file with an encoded file that has a long filename. When the target user views the file using the Notes attachment viewer, a stack overflow is triggered in 'uudrdr.dll' and arbitrary code can be executed.

The vendor was notified in August 2005.

The vendor indicates that only Windows-based systems are affected.

Tan Chew Keong and Carsten Eiram of Secunia Research discovered these vulnerabilities.

Impact:   A remote user can cause files to be deleted on the target user's system.

A remote user can cause arbitrary code to be executed on the target user's system.

Solution:   The vendor has released fixed versions (6.5.5 and 7.0.1).

The vendor's advisory is available at:

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

Vendor URL:  www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC