|
Family: Gain a shell remotely --> Category: infos
Lotus Domino Server Date Fields Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for date fields overflow vulnerability in Lotus Domino Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is susceptible to a buffer overflow
vulnerability.
Description :
According to its banner, the remote host is running a version of Lotus
Domino Server that is prone to a buffer overflow that can be triggered
by submitting a POST request with large amounts of data for certain
date / time fields. A remote attacker can reportedly exploit this
flaw to crash the web server or to execute arbitrary code on the
affected host.
See also :
http://www.ngssoftware.com/advisories/lotus-01.txt
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21202431
Solution :
Upgrade to Lotus Domino Server version 6.0.5 / 6.5.4 Maintenance
Release or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|