Lotus Domino Allows Directory Traversal

Reported January 5, 2001 by Georgi Guninski

VERSIONS AFFECTED
  • Lotus Domino 5.0.6

DESCRIPTION

Lotus Domino Server lets remote users read files that are not meant to be available through the Web server, by traversing out of the directory the server is supposed to serve from.

DEMONSTRATION

By inserting a .nsf component into the URL immediately after the server name and following it with a ../ sequence, remote users can name a file to view by its path on the server's filesystem, provided they know the literal path to the file:

http://localhost/.nsf/../winnt/win.ini
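The two sides of this bug, as an added example that is not part of the original advisory and not Lotus/IBM code: a naive path resolver that appends the request path to a serving directory and honours ../ (the pattern this class of traversal abuses), the confined form that refuses anything resolving outside that directory, and a detector that flags traversal attempts in access-log lines. The serving directory, the Common Log Format layout and the sample requests are all assumptions constructed for the example; the advisory itself does not say how Domino resolved the path internally, so the naive resolver is a generic illustration rather than Domino's logic.

```python
# Added example, not code from the original advisory or from Lotus/IBM.
# Assumptions (not in the advisory): the serving directory, the log format
# (Common Log Format) and the sample requests below are all constructed.
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

DOC_ROOT = "/domino/data"   # assumed directory the server is meant to serve from


def decode_fully(url_path: str, rounds: int = 3) -> str:
    """Undo percent-encoding until it stops changing (bounded), so that
    %2e%2e and double-encoded %252e%252e are both seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(url_path)
        if decoded == url_path:
            break
        url_path = decoded
    return url_path.replace("\\", "/")


def resolve_naive(url_path: str) -> str:
    """The flawed pattern behind this class of bug: the request path is
    appended to the serving directory and '..' segments are honoured, so
    enough of them walk out of DOC_ROOT."""
    return posixpath.normpath(DOC_ROOT + "/" + url_path.lstrip("/"))


def resolve_confined(url_path: str) -> Optional[str]:
    """Hardened form: decode, normalise, then refuse any result that is
    not DOC_ROOT itself or a path beneath it."""
    candidate = posixpath.normpath(
        posixpath.join(DOC_ROOT, decode_fully(url_path).lstrip("/"))
    )
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        return None
    return candidate


_TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
_CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_traversal(url_path: str) -> bool:
    """True if the decoded request path contains a '..' segment. A request
    such as /.nsf/../... is worth an alert whatever the response code,
    because it shows a client probing for exactly this behaviour."""
    return bool(_TRAVERSAL.search(decode_fully(url_path)))


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, path, status) for every CLF line whose request path
    is a traversal attempt; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if is_traversal(path):
            hits.append((client, path, status))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2001:10:00:01 +0000] "GET /names.nsf?Open HTTP/1.0" 200 1234',
    '198.51.100.7 - - [05/Jan/2001:10:00:02 +0000] "GET /.nsf/../winnt/win.ini HTTP/1.0" 200 512',
    '198.51.100.7 - - [05/Jan/2001:10:00:03 +0000] "GET /.nsf/%2e%2e/%2e%2e/winnt/win.ini HTTP/1.0" 200 512',
    '203.0.113.5 - - [05/Jan/2001:10:00:04 +0000] "GET /help/readme.nsf HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("traversal attempt:", hit)
    print(resolve_naive("/.nsf/../../winnt/win.ini"))      # walks out of DOC_ROOT
    print(resolve_confined("/.nsf/../../winnt/win.ini"))   # None: refused
```

The detector decodes before matching so that percent-encoded and double-encoded dots are caught, and it alerts on the pattern rather than on the status code, since a 200 on a traversal path is the confirmation you want and a 404 still shows someone probing. The confined resolver does the check after normalisation, which is the order that matters: checking for ".." in the raw string misses encoded forms, and checking the prefix before normalising misses paths that only escape once the dots are collapsed.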

VENDOR RESPONSE

IBM has been informed of the problem and will correct the matter in the next version of Domino Server. In the meantime, users can work around the problem by creating a URL redirection or mapping within the Domino Server administrative client, and by isolating the Domino Server installation on its own partition. Note that the partition workaround only limits which files a traversal can reach; it does not stop the traversal itself.

UPDATE 01/18/2001: According to a response posted on the Lotus Web site, this issue will be corrected in version 5.0.6a.

CREDIT
Discovered by Georgi Guninski
