  by Petr Nachtmann  
 

SARC Security Alert - Lotus R5 Domino Servers (-R5.06)

SARC

Symantec Security Alert Bulletin

SARC Security Alert: SARC Alert-2001-001

Date Issued: 08 February, 2001

HEADLINE: Denial of Service, Malformed HTML E-mail attachment crashes Lotus R5 Domino Servers prior to R5.06

SOURCE: Symantec Corp.

Affected Components:

Lotus R5 Domino Server 5.04+, <5.06; Lotus R5 Client 5.04+, <5.05

Not Affected:

Lotus R4 Domino Server 4.x, Lotus R5 Domino Server 5.06+


DETAILS:

Symantec recently discovered a previously unknown buffer overflow vulnerability in the Lotus Domino R5 Server HTML parser. Buffer overflows can be exploited for Denial of Service (DoS) or unauthorized access.

The vulnerability is triggered whenever a Notes client views a malformed HTML attachment. The overflow condition is caused by a font size statement in an HTML attachment or page that is not correctly terminated. When the Lotus Domino Server attempts to parse the HTML, it fails to do proper error checking on the malformed font size statement and overflows the font size input buffer.

The specific exploit that was tested caused the Lotus R5 Domino server to become completely unresponsive. It is possible to design an exploit that grants unauthorized access rather than denial of service.
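As an added illustration of the missing check the advisory describes (this is not code from the advisory, from Symantec or from Lotus), the C below parses the size attribute of a font tag into a fixed-size buffer with every write bounds-checked, so an unterminated or oversized value is reported as an error instead of being copied past the end of the buffer. The tag name, the 8-byte limit and the error codes are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: longest font size value we accept ("+7", "-2", "14" all fit). */
#define FONT_SIZE_MAX 8

enum { PARSE_OK, PARSE_NOT_FOUND, PARSE_UNTERMINATED, PARSE_TOO_LONG };

/* Copy the value of the size= attribute of the first <font> tag in html
 * into out (capacity out_cap). Every write is bounds-checked, and an
 * unterminated or oversized value is reported as an error rather than
 * copied, which is the error checking the advisory says was missing. */
int parse_font_size(const char *html, char *out, size_t out_cap)
{
    const char *tag = strstr(html, "<font");
    if (!tag) return PARSE_NOT_FOUND;
    const char *tag_end = strchr(tag, '>');      /* NULL if never closed */
    const char *a = strstr(tag, "size=");
    if (!a || (tag_end && a > tag_end)) return PARSE_NOT_FOUND;
    a += strlen("size=");
    char quote = (*a == '"' || *a == '\'') ? *a++ : 0;
    size_t n = 0;
    for (;; n++) {
        char c = a[n];
        if (c == '\0') return PARSE_UNTERMINATED;   /* ran off the end */
        if (quote ? c == quote : (c == '>' || isspace((unsigned char)c)))
            break;                                  /* value terminated */
        if (n + 1 >= out_cap) return PARSE_TOO_LONG; /* keep room for NUL */
    }
    memcpy(out, a, n);
    out[n] = '\0';
    return PARSE_OK;
}

/* Gateway-style pre-check (constructed for this example): scan every <font>
 * tag in an attachment and return PARSE_OK only if each size attribute is
 * well formed; anything else is a reason to quarantine the message. */
int check_font_tags(const char *html)
{
    char buf[FONT_SIZE_MAX];
    for (const char *p = html; (p = strstr(p, "<font")) != NULL; p += 5) {
        int r = parse_font_size(p, buf, sizeof buf);
        if (r != PARSE_OK && r != PARSE_NOT_FOUND) return r;
    }
    return PARSE_OK;
}
```

check_font_tags("<font size=\"+2>hi") returns PARSE_UNTERMINATED, while a well-formed tag returns PARSE_OK; the parser is case-sensitive and matches only the literal <font tag, which is enough to show the bounds check.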

RISK Impact: Severe depending on the criticality of the affected R5 Domino Server(s).

Security Response:

Symantec has worked closely with Lotus on a fix for this issue. Lotus recommends upgrading to at least Lotus R5 Domino Server R5.06. R5.06 and later have a reworked engine for handling HTML formatting that is not susceptible to this bug.

Temporary Solution: A temporary workaround is to purge all e-mails from the offending domain, allowing the R5 Domino Servers to function normally.

CVE:

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2001-0130 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.


Credit: This vulnerability was uncovered through the efforts of Symantec Australia (including SARC, MIS and Platinum Support, with special thanks to Victor Ivanoff, Andy Norton and Rebecca Allen).

Copyright (c) 2001 by Symantec Corp.

Permission to redistribute this Bulletin electronically is granted as long as it is not edited in any way unless authorized by the SARC. Reprinting the whole or part of this Bulletin in medium other than electronically requires permission from sarc@symantec.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.

Symantec and SARC are Registered Trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
