
Thursday, October 25, 2007

[NT] Lotus Notes Memory Mapped Files Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Lotus Notes Memory Mapped Files Vulnerability
------------------------------------------------------------------------


SUMMARY

Lotus Domino is "a client/server product designed for collaborative
working environments. Domino is designed for e-mail, scheduling, instant
messaging and data driven applications". There exists a vulnerability in
the way memory mapped files are used under Windows. As a result, if the
Lotus Notes Client is used in a Microsoft Terminal Services or Citrix
environment, users can read each other's Lotus Notes session data,
including items such as e-mail. The vulnerability also impacts the server
product.

DETAILS

The vulnerability arises from the mechanism used for Inter-Process
Communication (IPC) between NLNOTES and NTASKLDR. IPC is performed via
memory mapped files. When the files are created, NULL is passed for the
ACL parameter, which results in EVERYONE being granted 'full-control'.

As a result, an attacker can read the contents of any user's Lotus Notes
session when the product is deployed in shared user environments such as
Terminal Services or Citrix. The accessible data ranges from e-mail
through to databases and associated Lotus Script.

It should be noted that this vulnerability could also be used to write to
the memory mapped files. An attacker could therefore potentially inject
active content such as Lotus Script.

Vendor Response:
* Fixed for the Notes client with 6.5.6, 7.0.3 and 8.0
* Fixed for the Domino server with 6.5.5 FP3, 6.5.6, 7.0.2 FP1, 7.0.3,
8.0

The fix requires that "SharedMemoryAllowOnly=1" be set in the notes.ini
file. Additional details about the notes.ini variable are available in
technote #1257030:
<http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21257030>

Recommendation:
Update to a secure version of Notes client and Domino server. Implement
the appropriate notes.ini fix.
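
One way to check both parts of this recommendation on a host, as an added example that is not part of the original advisory or vendor tooling. The function names are hypothetical, the version string is supplied by the caller, and two assumptions are made: later maintenance releases and fix packs in a listed branch keep the fix, and notes.ini variable names are matched case-insensitively.

```python
import re

# Earliest fixed (maintenance release, fix pack) per branch, from the Vendor Response list.
FIXED = {
    "client": {(6, 5): (6, 0), (7, 0): (3, 0), (8, 0): (0, 0)},
    "server": {(6, 5): (5, 3), (7, 0): (2, 1), (8, 0): (0, 0)},
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*FP\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """'7.0.2 FP1' -> (7, 0, 2, 1); missing parts count as 0."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def has_fix(product, version):
    """True/False for branches the advisory lists, None for any other branch."""
    major, minor, maint, fixpack = parse_version(version)
    earliest = FIXED[product].get((major, minor))
    # Assumption: later releases and fix packs in the same branch keep the fix.
    return None if earliest is None else (maint, fixpack) >= earliest

def shared_memory_values(ini_text):
    """Every value assigned to SharedMemoryAllowOnly in notes.ini text."""
    values = []
    for line in ini_text.splitlines():
        name, sep, value = line.partition("=")
        # Assumption: variable names are compared case-insensitively.
        if sep and name.strip().lower() == "sharedmemoryallowonly":
            values.append(value.strip())
    return values

def audit(product, version, ini_text):
    """Return a list of findings; an empty list means both conditions are met."""
    findings = []
    fixed = has_fix(product, version)
    if fixed is None:
        findings.append("release branch not listed in the advisory")
    elif not fixed:
        findings.append("release predates the fixed version for its branch")
    values = shared_memory_values(ini_text)
    if not values:
        findings.append("SharedMemoryAllowOnly is not set")
    elif any(v != "1" for v in values):
        findings.append("SharedMemoryAllowOnly is set to a value other than 1")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_INI = "[Notes]\nExampleSetting=abc\nSharedMemoryAllowOnly=0\n"
```

Calling `audit("client", "7.0.2 FP1", SAMPLE_INI)` reports both an unpatched release and the wrong notes.ini value; a patched release with the variable missing is still reported, since the fix requires the setting.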

CVE Information:
CVE-2007-5544
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5544>


ADDITIONAL INFORMATION

The information has been provided by Ollie Whitehouse
<mailto:ollie_whitehouse@symantec.com>.

========================================



DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
