CVE-2005-2618
CVSS9.3
发布时间 :2005-12-31 00:00:00
修订时间 :2011-09-06 00:00:00
NMCOPS    

[原文]Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).


[CNNVD]IBM Lotus Notes文件附件处理多个远程溢出和目录遍历漏洞(CNNVD-200512-905)

        Lotus Domino/Notes服务器是一款基于WEB协同工作的应用程序架构,运行在Linux/Unix和Microsoft Windows操作系统平台下。
        IBM Lotus Notes中存在多个远程溢出和目录遍历漏洞,具体如下:
        IBM Lotus Notes的kvarcve.dll在解压ZIP文档创建压缩文件的完整路径名时存在栈溢出漏洞,如果用户在
        Notes附件浏览器中解压了带有超长文件名的压缩文件时可能导致执行任意代码。
        IBM Lotus Notes的uudrdr.dll在处理带有超长文件名的特制UUE文件时存在堆溢出漏洞,如果用户在Notes附件浏览器中打开了恶意的UUE文件的话就可能导致执行任意代码。
        IBM Lotus Notes的TAR阅读器(tarrdr.dll)在从TAR文档解压文件时存在栈溢出漏洞。如果用户解压了带有超长文件名的TAR文件的话就可能导致执行任意代码。但是,只有用户选择将恶意文件解压到有超长路径(多于220个字节)的目录中时才会出现这个漏洞。
        IBM Lotus Notes的HTML快速阅读器(htmsr.dll)中存在栈溢出漏洞。如果用户读取了包含有以"http"、"ftp"或"//"开始的超长(大约800个字符)链接的恶意邮件的话,就可能导致执行任意代码。
        IBM Lotus Notes的HTML阅读器在检查链接是否引用了本地文件时存在栈溢出漏洞。如果用户浏览了包含有超长链接的恶意邮件时就可能执行任意代码。
        IBM Lotus Notes的kvarcve.dll在从ZIP、UUE或TAR文档生成压缩文件预览时存在目录遍历漏洞。如果用户在Notes附件浏览器中预览了恶意文件的话就可能导致删除任意文件。

- CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:autonomy:keyview_viewer_sdkAutonomy KeyView Viewer SDK
cpe:/a:autonomy:keyview_export_sdkAutonomy KeyView Export SDK
cpe:/a:autonomy:keyview_filter_sdkAutonomy KeyView Filter SDK
cpe:/a:ibm:lotus_notes:6.5.1IBM Lotus Notes 6.5.1
cpe:/a:ibm:lotus_notes:6.5.2IBM Lotus Notes 6.5.2
cpe:/a:ibm:lotus_notes:6.0.1IBM Lotus Notes 6.0.1
cpe:/a:ibm:lotus_notes:6.0.3IBM Lotus Notes 6.0.3
cpe:/a:ibm:lotus_notes:7.0IBM Lotus Notes 7.0
cpe:/a:ibm:lotus_notes:6.0.4IBM Lotus Notes 6.0.4
cpe:/a:ibm:lotus_notes:6.0.5IBM Lotus Notes 6.0.5
cpe:/a:ibm:lotus_notes:6.5IBM Lotus Notes 6.5
cpe:/a:ibm:lotus_notes:6.5.4IBM Lotus Notes 6.5.4
cpe:/a:ibm:lotus_notes:6.5.3IBM Lotus Notes 6.5.3
cpe:/a:ibm:lotus_notes:6.0.2IBM Lotus Notes 6.0.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2618
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2618
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-905
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/884076
(VENDOR_ADVISORY)  CERT-VN  VU#884076
http://www.osvdb.org/23068
(PATCH)  OSVDB  23068
http://www.osvdb.org/23067
(PATCH)  OSVDB  23067
http://www.osvdb.org/23066
(PATCH)  OSVDB  23066
http://www.osvdb.org/23065
(PATCH)  OSVDB  23065
http://www.osvdb.org/23064
(PATCH)  OSVDB  23064
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
(PATCH)  CONFIRM  http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
http://securitytracker.com/id?1015657
(PATCH)  SECTRACK  1015657
http://secunia.com/advisories/16280
(VENDOR_ADVISORY)  SECUNIA  16280
http://secunia.com/advisories/16100
(VENDOR_ADVISORY)  SECUNIA  16100
http://xforce.iss.net/xforce/xfdb/24639
(UNKNOWN)  XF  lotus-htmsr-link-bo(24639)
http://xforce.iss.net/xforce/xfdb/24638
(UNKNOWN)  XF  lotus-tarrdr-filename-bo(24638)
http://xforce.iss.net/xforce/xfdb/24636
(UNKNOWN)  XF  lotus-uudrdr-uue-bo(24636)
http://xforce.iss.net/xforce/xfdb/24635
(UNKNOWN)  XF  lotus-kvarcve-filename-bo(24635)
http://www.vupen.com/english/advisories/2006/0501
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0501
http://www.vupen.com/english/advisories/2006/0500
(UNKNOWN)  VUPEN  ADV-2006-0500
http://www.securityfocus.com/bid/16576
(UNKNOWN)  BID  16576
http://www.securityfocus.com/archive/1/archive/1/424692/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060210 Secunia Research: Lotus Notes HTML Speed Reader Link BufferOverflows
http://www.securityfocus.com/archive/1/archive/1/424689/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060210 Secunia Research: Lotus Notes UUE File Handling Buffer Overflow
http://www.securityfocus.com/archive/1/archive/1/424666/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060210 Secunia Research: Lotus Notes TAR Reader File Extraction BufferOverflow
http://www.securityfocus.com/archive/1/archive/1/424626/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060210 Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow
http://secunia.com/secunia_research/2005-66/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-66/advisory/
http://secunia.com/secunia_research/2005-37/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-37/advisory/
http://secunia.com/secunia_research/2005-36/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-36/advisory/
http://secunia.com/secunia_research/2005-34/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-34/advisory/
http://secunia.com/secunia_research/2005-32/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-32/advisory/

- 漏洞信息

IBM Lotus Notes文件附件处理多个远程溢出和目录遍历漏洞
高危 缓冲区溢出
2005-12-31 00:00:00 2007-10-29 00:00:00
远程  
        Lotus Domino/Notes服务器是一款基于WEB协同工作的应用程序架构,运行在Linux/Unix和Microsoft Windows操作系统平台下。
        IBM Lotus Notes中存在多个远程溢出和目录遍历漏洞,具体如下:
        IBM Lotus Notes的kvarcve.dll在解压ZIP文档创建压缩文件的完整路径名时存在栈溢出漏洞,如果用户在
        Notes附件浏览器中解压了带有超长文件名的压缩文件时可能导致执行任意代码。
        IBM Lotus Notes的uudrdr.dll在处理带有超长文件名的特制UUE文件时存在堆溢出漏洞,如果用户在Notes附件浏览器中打开了恶意的UUE文件的话就可能导致执行任意代码。
        IBM Lotus Notes的TAR阅读器(tarrdr.dll)在从TAR文档解压文件时存在栈溢出漏洞。如果用户解压了带有超长文件名的TAR文件的话就可能导致执行任意代码。但是,只有用户选择将恶意文件解压到有超长路径(多于220个字节)的目录中时才会出现这个漏洞。
        IBM Lotus Notes的HTML快速阅读器(htmsr.dll)中存在栈溢出漏洞。如果用户读取了包含有以"http"、"ftp"或"//"开始的超长(大约800个字符)链接的恶意邮件的话,就可能导致执行任意代码。
        IBM Lotus Notes的HTML阅读器在检查链接是否引用了本地文件时存在栈溢出漏洞。如果用户浏览了包含有超长链接的恶意邮件时就可能执行任意代码。
        IBM Lotus Notes的kvarcve.dll在从ZIP、UUE或TAR文档生成压缩文件预览时存在目录遍历漏洞。如果用户在Notes附件浏览器中预览了恶意文件的话就可能导致删除任意文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.ers.ibm.com/

- 漏洞信息 (F43737)

secunia-LotusNotesZIP.txt (PacketStormID:F43737)
2006-02-13 00:00:00
Tan Chew Keong  secunia.com
advisory,overflow,arbitrary
CVE-2005-2618
[点击下载]

Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when the user extracts a compressed file with a long filename from within the Notes attachment viewer. Affected versions is Lotus Notes 6.5.4.

====================================================================== 

                     Secunia Research 10/02/2006

           - Lotus Notes ZIP File Handling Buffer Overflow  -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Lotus Notes 6.5.4

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lotus Notes, which
can be exploited by malicious people to compromise a user's system. 

The vulnerability is caused due to a boundary error in kvarcve.dll
when constructing the full pathname of a compressed file to check for
its existence before extracting it from a ZIP archive. This can be
exploited to cause a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code when the 
user extracts a compressed file with a long filename from within the
Notes attachment viewer.

====================================================================== 
4) Solution 

Update to version 6.5.5. 

====================================================================== 
5) Time Table 

03/08/2005 - Initial vendor notification.
03/08/2005 - Initial vendor response.
10/02/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-2618 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-37/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息 (F43736)

secunia-LotusNotesUUE.txt (PacketStormID:F43736)
2006-02-13 00:00:00
Tan Chew Keong  secunia.com
advisory,overflow,arbitrary
CVE-2005-2618
[点击下载]

Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in uudrdr.dll when handling an UUE file containing an encoded file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in the Notes attachment viewer. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.

====================================================================== 

                     Secunia Research 10/02/2006

           - Lotus Notes UUE File Handling Buffer Overflow  -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Lotus Notes 6.5.4
* Lotus Notes 7.0

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly Critical
Impact: System access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lotus Notes, which
can be exploited by malicious people to compromise a user's system. 

The vulnerability is caused due to a boundary error in uudrdr.dll when
handling an UUE file containing an encoded file with an overly long
filename. This can be exploited to cause a stack-based buffer
overflow.

Suucessful exploitation allows execution of arbitrary code when a
malicious UUE file is opened in the Notes attachment viewer.

====================================================================== 
4) Solution 

Update to version 6.5.5 or 7.0.1. 

====================================================================== 
5) Time Table 

05/08/2005 - Initial vendor notification.
05/08/2005 - Initial vendor response.
10/02/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
candidate number CAN-2005-2618 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-36/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息 (F43735)

secunia-LotusNotesTar.txt (PacketStormID:F43735)
2006-02-13 00:00:00
Carsten Eiram  secunia.com
advisory,overflow,arbitrary
CVE-2005-2618
[点击下载]

Secunia Research has discovered a vulnerability in Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive. This can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename. Successful exploitation allows execution of arbitrary code, but requires that the user views a malicious TAR archive and chooses to extracts a compressed file to a directory with a very long path (more than 220 bytes). Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.

====================================================================== 

                     Secunia Research 10/02/2006

     - Lotus Notes TAR Reader File Extraction Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

Lotus Notes 6.5.4 and 7.0.

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less critical
Impact: System access
Where:  From remote

====================================================================== 
3) Vendor's Description of Software 

"IBM Lotus Notes continues to set the standard for innovation in the
messaging and collaboration market Lotus defined over a decade ago.
As an integrated collaborative environment, the Lotus Notes client
and the IBM Lotus Domino server combine enterprise-class messaging
and calendaring & scheduling capabilities with a robust platform for
collaborative applications".

Product Link:
http://www.lotus.com/products/product4.nsf/wdocs/noteshomepage

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lotus Notes, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in the TAR reader
(tarrdr.dll) when extracting files from a TAR archive. This can be
exploited to cause a stack-based buffer overflow via a TAR archive
containing a file with a long filename.

Successful exploitation allows execution of arbitrary code, but
requires that the user views a malicious TAR archive and chooses to 
extracts a compressed file to a directory with a very long path
(more than 220 bytes).

====================================================================== 
5) Solution 

Update to version 6.5.5 or 7.0.1.

====================================================================== 
6) Time Table 

17/08/2005 - Vendor notified.
18/08/2005 - Vendor response.
10/02/2006 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-2618 for the vulnerability.

====================================================================== 
9) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-34/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息 (F43734)

secunia-LotusNotesOverflow.txt (PacketStormID:F43734)
2006-02-13 00:00:00
Carsten Eiram  secunia.com
advisory,overflow,vulnerability
CVE-2005-2618
[点击下载]

Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.

====================================================================== 

                     Secunia Research 10/02/2006

      - Lotus Notes HTML Speed Reader Link Buffer Overflows -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

IBM Lotus Notes 6.5.4 and 7.0.

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly critical 
Impact: System Compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software

"IBM Lotus Notes continues to set the standard for innovation in the
messaging and collaboration market Lotus defined over a decade ago.
As an integrated collaborative environment, the Lotus Notes client
and the IBM Lotus Domino server combine enterprise-class messaging
and calendaring & scheduling capabilities with a robust platform for
collaborative applications". 

Product Link:
http://www.lotus.com/products/product4.nsf/wdocs/noteshomepage

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in Lotus Notes,
which can be exploited by malicious people to compromise a user's
system.

1) A boundary error exists in the HTML speed reader (htmsr.dll),
which is used for viewing HTML attachments in emails. This can be
exploited to cause a stack-based buffer overflow via a malicious
email containing an overly long link (about 800 characters) beginning
with either "http", "ftp", or "//".

Successful exploitation allows execution of arbitrary code with the 
privileges of the user running Lotus Notes, but requires that the user
follows a link in the HTML document.

2) A boundary error in the HTML speed reader when checking if
a link references a local file can be exploited to cause a stack-
based buffer overflow via a malicious email containing a specially
crafted, overly long link.

Successful exploitation allows execution of arbitrary code with the 
privileges of the user running Lotus Notes, as soon as the user views
the malicious HTML document.

====================================================================== 
5) Solution 

Update to version 6.5.5 or 7.0.1.

====================================================================== 
6) Time Table 

06/08/2005 - Vendor notified.
07/08/2005 - Vendor response.
10/02/2006 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-2618 for the vulnerabilities.

====================================================================== 
9) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-32/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息

23064
Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified, Coordinated Disclosure

- 漏洞描述

A remote overflow exists in Verity KeyView Viewer SDK. 'kvarcve.dll' fails to perform bounds checking when constructing the full pathname of a compressed file before extracting it from a ZIP archive, resulting in a stack based overflow. With a specially crafted ZIP archive, an attacker can cause arbitrary code execution when a compressed file with a long filename is extracted from within an application using the vulnerable viewer, resulting in a loss of integrity.

- 时间线

2006-02-10 Unknow
Unknow 2006-02-10

- 解决方案

Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities
Unknown 16576
Yes No
2006-02-10 12:00:00 2007-06-27 09:08:00
Discovered by Tan Chew Keong and Carsten Eiram.

- 受影响的程序版本

IBM Lotus Notes 6.5.4
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.2
IBM Lotus Notes 6.5.1
IBM Lotus Notes 6.5
IBM Lotus Notes 6.0.5
IBM Lotus Notes 6.0.4
IBM Lotus Notes 6.0.3
IBM Lotus Notes 6.0.2
IBM Lotus Notes 6.0.1
IBM Lotus Notes 7.0
IBM Lotus Notes 7.0.1
IBM Lotus Notes 6.5.5

- 不受影响的程序版本

IBM Lotus Notes 7.0.1
IBM Lotus Notes 6.5.5

- 漏洞讨论

IBM Lotus Notes is prone to multiple remote vulnerabilities. The buffer-overflow issues could allow arbitrary code execution in the context of the user running the application.

The issues are:

- A buffer overflow exists when extracting files from ZIP archives.
- A buffer overflow exists when extracting files from UUE encoded files.
- A buffer overflow exists when extracting files from TAR archives.
- A buffer overflow exists when handling HTML file attachments with malicious links.
- A directory traversal exists when generating previews of ZIP, UUE, and TAR archives. This could be exploited to overwrite arbitrary files in the context of the current user.


Lotus Notes 6.5.4 and 7.0 are prone to these issues. Other versions may also be vulnerable.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

These issues have been addressed in Lotus Notes versions 6.5.5 and 7.0.1. Please contact the vendor to obtain fixes.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站