Gain a shell remotely : Lotus Domino Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11338

Categoría: Gain a shell remotely

Título: Lotus Domino Vulnerabilities

Resumen: NOSUMMARY

Descripción: Description:

The remote Lotus Domino server, according to its version number,
is vulnerable to various buffer overflows affecting it when
it acts as a client (through webretriever) or in LDAP.

An attacker may use these to disable this server or
execute arbitrary commands on the remote host.

References :
http://www.rapid7.com/advisories/R7-0011.html
http://www.rapid7.com/advisories/R7-0012.html

Solution : Update to Domino 5.0.12 or 6.0.1
Risk factor : High

Referencia Cruzada: BugTraq ID: 3041
BugTraq ID: 7038
BugTraq ID: 7039
Common Vulnerability Exposure (CVE) ID: CVE-2003-0123
http://www.securityfocus.com/bid/7038
Bugtraq: 20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow (Google Search)
http://marc.info/?l=bugtraq&m=104757545500368&w=2
http://www.cert.org/advisories/CA-2003-11.html
CERT/CC vulnerability note: VU#411489
http://www.kb.cert.org/vuls/id/411489
Computer Incident Advisory Center Bulletin: N-065
http://www.ciac.org/ciac/bulletins/n-065.shtml
http://www.rapid7.com/advisories/R7-0011.html
XForce ISS Database: lotus-web-retriever-bo(11525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11525
Common Vulnerability Exposure (CVE) ID: CVE-2001-1311
http://www.securityfocus.com/bid/3041
Bugtraq: 20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression (Google Search)
http://www.securityfocus.com/archive/1/314909/30/25520/threaded
http://www.cert.org/advisories/CA-2001-18.html
CERT/CC vulnerability note: VU#583184
http://www.kb.cert.org/vuls/id/583184
Computer Incident Advisory Center Bulletin: L-116
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
XForce ISS Database: domino-ldap-protos-bo(6895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6895

Copyright This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11338
Categoría:	Gain a shell remotely
Título:	Lotus Domino Vulnerabilities
Resumen:	NOSUMMARY
Descripción:	Description: The remote Lotus Domino server, according to its version number, is vulnerable to various buffer overflows affecting it when it acts as a client (through webretriever) or in LDAP. An attacker may use these to disable this server or execute arbitrary commands on the remote host. References : http://www.rapid7.com/advisories/R7-0011.html http://www.rapid7.com/advisories/R7-0012.html Solution : Update to Domino 5.0.12 or 6.0.1 Risk factor : High
Referencia Cruzada:	BugTraq ID: 3041 BugTraq ID: 7038 BugTraq ID: 7039 Common Vulnerability Exposure (CVE) ID: CVE-2003-0123 http://www.securityfocus.com/bid/7038 Bugtraq: 20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow (Google Search) http://marc.info/?l=bugtraq&m=104757545500368&w=2 http://www.cert.org/advisories/CA-2003-11.html CERT/CC vulnerability note: VU#411489 http://www.kb.cert.org/vuls/id/411489 Computer Incident Advisory Center Bulletin: N-065 http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.rapid7.com/advisories/R7-0011.html XForce ISS Database: lotus-web-retriever-bo(11525) https://exchange.xforce.ibmcloud.com/vulnerabilities/11525 Common Vulnerability Exposure (CVE) ID: CVE-2001-1311 http://www.securityfocus.com/bid/3041 Bugtraq: 20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression (Google Search) http://www.securityfocus.com/archive/1/314909/30/25520/threaded http://www.cert.org/advisories/CA-2001-18.html CERT/CC vulnerability note: VU#583184 http://www.kb.cert.org/vuls/id/583184 Computer Incident Advisory Center Bulletin: L-116 http://ciac.llnl.gov/ciac/bulletins/l-116.shtml http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ XForce ISS Database: domino-ldap-protos-bo(6895) https://exchange.xforce.ibmcloud.com/vulnerabilities/6895
Copyright	This script is Copyright (C) 2003 Renaud Deraison