|
|
Lotus Domino HTTP验证记录缓冲区溢出漏洞
发布时间:2002-04-16
更新时间:2003-01-20
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:6646
受影响系统Lotus Domino 5.0
Lotus Domino 5.0.1
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.2
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.3
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.4 a
Lotus Domino 5.0.4
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.5
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.6 a
Lotus Domino 5.0.6
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- Sun Solaris 8.0
Lotus Domino 5.0.7 a
Lotus Domino 5.0.7
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Sun Solaris 8.0
Lotus Domino 5.0.8
Lotus Domino 5.0.9 a
Lotus Domino 5.0.9 详细描述
Lotus Domino Web服务程序在验证阶段存在一个缓冲区溢出问题。当HTTP验证数据记录到'DOMLOG.NSF'数据库的时候没有进行充分的边界缓冲检查,如果攻击者提交的超长验证头数据包含非ASCII字符,就可以导致服务程序崩溃,存在执行任意代码的可能。
测试代码
尚无
解决方案
临时方法:
把数据记录到普通文本文件来代替记录到'DOMLOG.NSF'数据库中。
补丁下载:
Lotus Domino 5.0:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.1:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.2:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.3:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.4 a:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.4:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.5:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.6 a:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.6:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.7 a:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.7:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.8:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.9 a:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
Lotus Domino 5.0.9:
IBM Upgrade Lotus Domino 5.0.10
http://www.notes.net/qmrdown.nsf
相关信息
参考:http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=96F6A9D96DFD8BB585256B8A005A8C57
|
