CVE-2003-0123
CVSS 5.0
Published: 2003-03-18 00:00:00
Last modified: 2016-10-17 22:29:48

[Original] Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.


[CNNVD] Lotus Notes/Domino Web Retriever HTTP Status Remote Buffer Overflow Vulnerability (CNNVD-200303-059)

        
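        Lotus Domino/Notes server is a web-based collaboration application framework that runs on Linux/Unix and Microsoft Windows operating systems.
        Lotus Notes/Domino Web Retriever does not correctly handle overly long HTTP status information. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and possibly execute arbitrary instructions on the system with the privileges of the current process.
        The Lotus Notes/Domino Web Retriever task receives information from web servers. If the HTTP status line in a remote web server's response is overly long, the Web Retriever program can crash. If Web Retriever runs as a server task, this causes a denial of service on the server.
        If the response line returned by the server contains a standard HTTP version and a status message of more than 6000 bytes, followed by two carriage return/line feed pairs, Web Retriever crashes.
        Note that the vulnerability is also present if the client uses the Notes Web browser instead of an external browser program.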
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:ibm:lotus_domino:4.6.3 IBM Lotus Domino 4.6.3
cpe:/a:ibm:lotus_domino:4.6.4 IBM Lotus Domino 4.6.4
cpe:/a:ibm:lotus_domino:5.0.7a IBM Lotus Domino 5.0.7a
cpe:/a:ibm:lotus_domino:5.0.4::solaris
cpe:/a:ibm:lotus_notes_client:5.0.9a IBM Lotus Notes Client 5.0.9a
cpe:/a:ibm:lotus_domino:5.0.9a IBM Lotus Domino 5.0.9a
cpe:/a:ibm:lotus_notes_client:5.0.4 IBM Lotus Notes Client 5.0.4
cpe:/a:ibm:lotus_domino:5.0.8:::french
cpe:/a:ibm:lotus_domino:4.6.1 IBM Lotus Domino 4.6.1
cpe:/a:ibm:lotus_notes_client:5.0.5 IBM Lotus Notes Client 5.0.5
cpe:/a:ibm:lotus_domino:5.0.4a IBM Lotus Domino 5.0.4a
cpe:/a:ibm:lotus_notes_client:5.0.3 IBM Lotus Notes Client 5.0.3
cpe:/a:ibm:lotus_notes_client:5.0.10 IBM Lotus Notes Client 5.0.10
cpe:/a:ibm:lotus_domino:5.0 IBM Lotus Domino 5.0
cpe:/a:ibm:lotus_domino:5.0.6a IBM Lotus Domino 5.0.6a
cpe:/a:ibm:lotus_notes_client:5.0.1 IBM Lotus Notes Client 5.0.1
cpe:/a:ibm:lotus_notes_client:5.0.2 IBM Lotus Notes Client 5.0.2
cpe:/a:ibm:lotus_domino:5.0.8a IBM Lotus Domino 5.0.8a
cpe:/a:ibm:lotus_notes_client:5.0.11 IBM Lotus Notes Client 5.0.11
cpe:/a:ibm:lotus_domino:5.0.1 IBM Lotus Domino 5.0.1
cpe:/a:ibm:lotus_domino:5.0.2 IBM Lotus Domino 5.0.2
cpe:/a:ibm:lotus_domino:5.0.7::solaris
cpe:/a:ibm:lotus_domino:5.0.5 IBM Lotus Domino 5.0.5
cpe:/a:ibm:lotus_domino:5.0.6 IBM Lotus Domino 5.0.6
cpe:/a:ibm:lotus_notes_client:5.0 IBM Lotus Notes Client 5.0
cpe:/a:ibm:lotus_domino:5.0.3 IBM Lotus Domino 5.0.3
cpe:/a:ibm:lotus_domino:5.0.11 IBM Lotus Domino 5.0.11
cpe:/a:ibm:lotus_domino:5.0.9 IBM Lotus Domino 5.0.9
cpe:/a:ibm:lotus_domino:5.0.10 IBM Lotus Domino 5.0.10
cpe:/a:ibm:lotus_domino:5.0.8 IBM Lotus Domino 5.0.8
cpe:/a:ibm:lotus_domino:5.0.5:::french
cpe:/a:ibm:lotus_notes_client:r5 IBM Lotus Notes Client R5

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0123
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0123
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-059
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=104757545500368&w=2
(UNKNOWN)  BUGTRAQ  20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
(VENDOR_ADVISORY)  CONFIRM  http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
http://www.cert.org/advisories/CA-2003-11.html
(UNKNOWN)  CERT  CA-2003-11
http://www.ciac.org/ciac/bulletins/n-065.shtml
(UNKNOWN)  CIAC  N-065
http://www.kb.cert.org/vuls/id/411489
(UNKNOWN)  CERT-VN  VU#411489
http://www.rapid7.com/advisories/R7-0011.html
(UNKNOWN)  MISC  http://www.rapid7.com/advisories/R7-0011.html
http://www.securityfocus.com/bid/7038
(VENDOR_ADVISORY)  BID  7038
http://xforce.iss.net/xforce/xfdb/11525
(UNKNOWN)  XF  lotus-web-retriever-bo(11525)

- Vulnerability information

Lotus Notes/Domino Web Retriever HTTP Status Remote Buffer Overflow Vulnerability
Medium severity  Boundary condition error
2003-03-18 00:00:00 2006-09-21 00:00:00
Remote

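- Advisories and patches

        Workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * The Web Retriever task can be disabled on the server as follows:
        Remove the 'Web' entry from the ServerTasks line in the NOTES.INI file, then issue the 'tell web quit' command at the server console.
        * Consider the Web Retrieval database (usually /WEB.NSF), or use ACLs to control user access to this database.
        Vendor patch:
        Lotus
        -----
        Users running Lotus Domino R6 pre-Gold releases can upgrade to R6.0 Gold or later. Because R6.0 Gold contains other vulnerabilities, users are advised to upgrade to the R6.0.1 release published after 2003-02.
        Users running R5 should upgrade to Notes R5.0.12.
        Domino incremental installers are available at the following address: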
        
        http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ESD-DMNTSRVRi&sb=r

- Vulnerability information

10829
IBM Lotus Notes/Domino Web Retriever Client Long HTTP Status Line DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-03-13 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Lotus Notes/Domino Web Retriever Buffer Overflow Denial Of Service Vulnerability
Boundary Condition Error 7038
Yes No
2003-03-06 12:00:00 2009-07-11 08:06:00
Discovery of this vulnerability credited to Rapid7, Inc.

- Affected program versions

Lotus Notes Client 5.0.11
Lotus Notes Client 5.0.10
Lotus Notes Client 5.0.9 a
Lotus Notes Client 5.0.5
Lotus Notes Client 5.0.4
Lotus Notes Client 5.0.3
Lotus Notes Client 5.0.2
Lotus Notes Client 5.0.1
Lotus Notes Client 5.0
Lotus Notes Client R5
Lotus Domino 5.0.11
Lotus Domino 5.0.10
Lotus Domino 5.0.9 a
Lotus Domino 5.0.9
Lotus Domino 5.0.8 a
Lotus Domino 5.0.8 -french
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.8
Lotus Domino 5.0.7 a
Lotus Domino 5.0.7
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.6 a
Lotus Domino 5.0.6
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.5 -french
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.5
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.4 a
Lotus Domino 5.0.4
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.3
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.2
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0.1
- HP HP-UX 9.9
- IBM AIX 4.3
- IBM OS/2 4.5 Warp
- IBM OS/390 V2R9
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
Lotus Domino 5.0
Lotus Domino 4.6.4
- Microsoft Windows NT 4.0
Lotus Domino 4.6.3
Lotus Domino 4.6.1
- Microsoft Windows NT 4.0
Lotus Notes Client 6.0.1
Lotus Notes Client 6.0
Lotus Notes Client R6
Lotus Domino 6.0.1
Lotus Domino 6.0
Lotus Domino 5.0.12

- Unaffected program versions

Lotus Notes Client 6.0.1
Lotus Notes Client 6.0
Lotus Notes Client R6
Lotus Domino 6.0.1
Lotus Domino 6.0
Lotus Domino 5.0.12

- Vulnerability discussion

A buffer overflow vulnerability has been reported for the Web Retriever program that will result in a denial of service condition. Web Retriever is a program that returns web pages for Notes users.

An attacker can exploit this vulnerability by enticing a victim user to visit an attacker-controlled site. When an HTTP request is made, the malicious site responds with an HTTP response that includes an overly long status line. When Web Retriever processes this response, the buffer overflow condition is triggered and will result in a denial of service condition.
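
The defensive counterpart to the flaw described above, as an added example (not code from this entry, from Rapid7 or from Lotus): an HTTP client parses the status line of an untrusted response into a fixed-size buffer and rejects an over-long status message instead of copying it. The function names, the error codes and the 256-byte buffer size are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

enum { PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Parse "HTTP/x.y NNN reason\r\n" from len untrusted bytes (no NUL needed).
 * Copies the reason into reason[cap]; returns the status code or PARSE_*. */
int parse_status_line(const char *buf, size_t len, char *reason, size_t cap)
{
    const char *eol = NULL;
    for (size_t i = 0; i + 1 < len; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n') { eol = buf + i; break; }
    if (eol == NULL || eol - buf < 12 || memcmp(buf, "HTTP/", 5) != 0)
        return PARSE_MALFORMED;
    const char *sp = memchr(buf, ' ', (size_t)(eol - buf));
    if (sp == NULL || eol - sp < 4)
        return PARSE_MALFORMED;
    const char *d = sp + 1;                  /* three status-code digits */
    for (int i = 0; i < 3; i++)
        if (d[i] < '0' || d[i] > '9') return PARSE_MALFORMED;
    const char *msg = d + 3;
    if (msg < eol && *msg == ' ') msg++;
    else if (msg != eol) return PARSE_MALFORMED;
    size_t mlen = (size_t)(eol - msg);
    if (mlen >= cap)                         /* reject before any copy */
        return PARSE_TOO_LONG;
    memcpy(reason, msg, mlen);
    reason[mlen] = '\0';
    return (d[0] - '0') * 100 + (d[1] - '0') * 10 + (d[2] - '0');
}

/* Constructed input: standard version, 6001-byte status message, two CRLFs,
 * parsed into a 256-byte buffer (size assumed for this example). */
int parse_oversized_sample(void)
{
    static char resp[6100];
    char reason[256];
    size_t n = (size_t)snprintf(resp, sizeof resp, "HTTP/1.1 200 ");
    memset(resp + n, 'A', 6001);
    memcpy(resp + n + 6001, "\r\n\r\n", 4);
    return parse_status_line(resp, n + 6001 + 4, reason, sizeof reason);
}

int main(void)
{
    char reason[256];
    const char ok[] = "HTTP/1.1 200 OK\r\n\r\n";
    printf("normal: %d\n", parse_status_line(ok, sizeof ok - 1, reason, sizeof reason));
    printf("oversized: %d\n", parse_oversized_sample());
}
```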

- Exploit

There is no exploit code required.

- Solution

These issues have reportedly been fixed by upgrading to R5.0.12, R6 Gold, and 6.0.1. Administrators are urged to apply the upgrades and also follow best practices as well as all available mitigating strategies.

Fixes for Notes and Domino can be found at the Notes/Domino Downloads link in the References section.

- Related references

 

 
