IBM Lotus Domino remote console verification Bypass Vulnerability

Release date:
Updated on: 2011-03-22

Affected Systems:
IBM Lotus Domino 8.x
IBM Lotus Domino 7.x
IBM Lotus Domino 6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46985

Lotus Domino is an email and cluster platform that integrates email, document database, Rapid Application Development Technology, and Web technology.

The remote console verification bypass vulnerability exists in the implementation of Lotus Domino. Remote attackers can exploit this vulnerability to execute arbitrary code with system-level permissions and completely control the affected systems, resulting in DOS.

A vulnerability exists in the remote console function monitored by default on TCP port 2050. When processing user authentication, the server uses the COOKIEFILE path provided by the user to receive the saved creden. The application then compares the data with the user name and Cookie provided by the user. COOKIEFILE can be a UNC path, allowing attackers to control known and correct creden。 and uncertain creden. Remote attackers can exploit this vulnerability to execute arbitrary code as system users.

<* Source: Patrik Karlsson

Link: http://www.zerodayinitiative.com/advisories/ZDI-11-110/
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Set the Console Password, provide another level of authentication, and restrict available commands on the console. You can also restrict access to the verified host from 2050/tcp on the host running the Domino Server Controller application.

Vendor patch:

IBM
---
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.ers.ibm.com/