About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...


IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

Category IBM/Lotus
From ZDI: IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

Affected Products
Lotus Domino

Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability.

The flaw exists within the remote console functionality, which listens by default on TCP port 2050. When handling a user authentication request, the server uses a user-supplied COOKIEFILE path to retrieve the stored credentials, then compares that data against the username and cookie the same user provided. Because the COOKIEFILE path can be a UNC path, the attacker controls both the "known good" credentials and the challenge credentials, so the comparison succeeds for whatever values the attacker chooses. A remote attacker can exploit this to execute arbitrary code in the context of the SYSTEM user.
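To make the pattern concrete, here is a small model of the check described above. This is an added illustration written for this post; it is not ZDI's, IBM's or Domino's code, and the real wire format and cookie-file layout are not on the page, so the request fields, the "username:cookie" file format, the local temp file standing in for an attacker's UNC share, and all function names are assumptions. The vulnerable check opens whatever COOKIEFILE path the client names; the hardened check only ever reads the server's own configured file and can additionally require a console password, as the mitigation below suggests. A third helper flags the request shape an exploit attempt would have, which is what you would want to alert on at port 2050 while unpatched.

```python
"""Model of the Domino Server Controller COOKIEFILE flaw.

Illustrative reconstruction only (not Domino code): request fields, the
cookie-file format and the paths are assumptions for the demo.
"""
import hmac
import os
import tempfile
from dataclasses import dataclass


@dataclass
class AuthRequest:
    """Fields the client sends during console authentication (assumed shape:
    the advisory names a username, a cookie and a COOKIEFILE path)."""
    username: str
    cookie: str
    cookiefile: str


def read_cookie_file(path):
    """Read stored credentials from a cookie file.
    Assumed format: a single line 'username:cookie'."""
    with open(path, "r", encoding="utf-8") as f:
        user, _, cookie = f.read().strip().partition(":")
    return user, cookie


def is_unc_path(path):
    """True for Windows UNC paths such as \\\\host\\share\\file (forward slashes too)."""
    return path.replace("/", "\\").startswith("\\\\")


def vulnerable_authenticate(req):
    """Vulnerable pattern from the advisory: the 'known good' credentials are
    fetched from the path the client chose, then compared with credentials
    the same client sent. The client controls both sides of the comparison."""
    stored_user, stored_cookie = read_cookie_file(req.cookiefile)
    return req.username == stored_user and req.cookie == stored_cookie


def hardened_authenticate(req, server_cookiefile, console_password=None,
                          supplied_password=None):
    """Hardened pattern: the server's own configured file is the only trust
    anchor and req.cookiefile is ignored entirely. If a console password is
    configured (the first mitigation in the advisory) it is required too.
    Comparisons are constant-time."""
    stored_user, stored_cookie = read_cookie_file(server_cookiefile)
    ok = hmac.compare_digest(req.username.encode(), stored_user.encode())
    ok &= hmac.compare_digest(req.cookie.encode(), stored_cookie.encode())
    if console_password is not None:
        ok &= supplied_password is not None and hmac.compare_digest(
            supplied_password.encode(), console_password.encode())
    return bool(ok)


def suspicious_request(req, server_cookiefile):
    """Detection hint for unpatched servers: a COOKIEFILE that is a UNC path,
    or that is not the server's own file, is what an exploit attempt looks like."""
    if is_unc_path(req.cookiefile):
        return True
    return (os.path.normcase(os.path.abspath(req.cookiefile))
            != os.path.normcase(os.path.abspath(server_cookiefile)))


def demo():
    """Run one forged login against both checks and return the outcomes.
    The attacker's file is a local temp file standing in for the UNC share
    (e.g. \\\\attacker\\share\\cookie) that a real exploit would point at."""
    with tempfile.TemporaryDirectory() as d:
        server_file = os.path.join(d, "server.cookie")
        attacker_file = os.path.join(d, "attacker.cookie")
        with open(server_file, "w", encoding="utf-8") as f:
            f.write("admin:real-secret-cookie\n")      # constructed sample
        with open(attacker_file, "w", encoding="utf-8") as f:
            f.write("intruder:whatever\n")             # constructed sample

        attack = AuthRequest("intruder", "whatever", attacker_file)
        legit = AuthRequest("admin", "real-secret-cookie", server_file)

        return {
            "vulnerable_accepts_attacker": vulnerable_authenticate(attack),
            "hardened_rejects_attacker": not hardened_authenticate(attack, server_file),
            "hardened_accepts_admin": hardened_authenticate(legit, server_file),
            "hardened_needs_console_password": not hardened_authenticate(
                legit, server_file, console_password="c0ns0le"),
            "attack_flagged": suspicious_request(attack, server_file),
            "legit_not_flagged": not suspicious_request(legit, server_file),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it prints `True` for every line: the vulnerable check accepts the forged "intruder" login because the attacker supplied the file it was verified against, while the hardened check rejects it, still accepts the real admin, and refuses the admin when a console password is configured but not supplied.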

Vendor Response
IBM states:

March 22, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

-- Mitigations:
Setting a console password provides another level of authentication and limits the commands available in the console.
To further mitigate this vulnerability, access to 2050/tcp on hosts running the Domino Server Controller should be restricted to authorized hosts.

Disclosure Timeline
2010-09-23 - Vulnerability reported to vendor
2011-03-22 - Coordinated public release of advisory

Comments

Comment 1 - Does anyone know whether this is fixed in 8.5.3?

Comment 2 - According to info from IBM support, it is fixed in 8.5.3 and in 8.5.2 FP3.
