CVE-2002-0407
CVSS 5.0
Published: 2002-07-26 00:00:00
Last revised: 2016-10-17 22:20:10

[Original] htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.


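[CNNVD] Lotus Domino MS-DOS device request path disclosure vulnerability (CNNVD-200207-091)

Lotus Domino Server is a web-based collaborative application framework that runs on Linux, Unix and Microsoft Windows operating system platforms.
Lotus Domino Server has a problem in the way it handles requests for MS-DOS device names, which can lead to path disclosure.
Lotus Domino uses the QueryDosDevice function to check whether the referenced file is a DOS device, and then goes on to determine whether the file exists or can be accessed using the access() function. If you pass com5 to access(), it returns 0; if the device does not exist, the function returns -1. Based on this idea, constructing a special request for the server to parse can produce an error that discloses the web path.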

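- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links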

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0407
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0407
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-091
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=101310812804716&w=2
(UNKNOWN)  BUGTRAQ  20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
http://www.iss.net/security_center/static/8160.php
(VENDOR_ADVISORY)  XF  lotus-domino-reveal-information(8160)
http://www.securityfocus.com/archive/1/265380
(UNKNOWN)  BUGTRAQ  20020402 KPMG-2002006: Lotus Domino Physical Path Revealed
http://www.securityfocus.com/bid/4406
(VENDOR_ADVISORY)  BID  4406

- Vulnerability information

Lotus Domino MS-DOS device request path disclosure vulnerability
Medium risk  Other
2002-07-26 00:00:00 2005-10-20 00:00:00
Remote
        
        

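- Advisories and patches

Temporary workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends that you take the following measures to reduce the threat:
* There is currently no suitable temporary workaround.
Vendor patch:
Lotus
-----
The vendor has released an upgrade patch that fixes this security issue; please upgrade to version 5.0.10:
Lotus Domino 5.0.9 a:
IBM Upgrade Lotus Domino 5.0.10

http://www.notes.net/qmrdown.nsf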

- Vulnerability information

15455
IBM Lotus Domino htcgibin.exe MS-DOS Device Name Request Path Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

Lotus Domino contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a specially-crafted MS-DOS Device name request, which will disclose physical path information resulting in a loss of confidentiality.

- Timeline

2002-02-07 Unknown
2002-02-07 Unknown

- Solution

Upgrade to version 5.0.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Credit

- Vulnerability information

Lotus Domino MS-DOS Device Path Disclosure Vulnerability
Failure to Handle Exceptional Conditions 4406
Yes No
2002-04-02 12:00:00 2009-07-11 11:56:00
Discovery of this issue is credited to Peter Gründl <pgrundl@kpmg.dk>.

- Affected software versions

Lotus Domino 5.0.9 a
Lotus Domino 5.0.10

- Unaffected software versions

Lotus Domino 5.0.10

- Vulnerability discussion

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

Vulnerable versions of Lotus Domino do not properly handle specially crafted requests for MS-DOS devices, causing sensitive path information to be disclosed to remote attackers.

Sensitive information gathered in this manner may aid the attacker in further attacks against the host running the vulnerable software.

This issue was reported for Lotus Domino v5.0.9a for Microsoft Windows platforms. Earlier versions may also be affected.

- Exploit

This issue may be exploited with a web browser.

- Solution

This issue has been addressed in v5.0.10 of Lotus Domino. Administrators are advised to upgrade.


Lotus Domino 5.0.9 a

- Related references

 

 
