J-Security Center

Title: Lotus Notes Client R5 File Existence Verification Vulnerability

Severity: MODERATE

Description:

Lotus Notes Client R5 is a messaging and collaboration tool that contains a built-in web browser. The web browser implements a Java Virtual Machine (VM) designed specifically for Lotus Notes. A security vulnerability exists in the Execution Control List (ECL) feature within the Java VM that may allow a third-party intruder to verify the existence of files on the system. The ECL applies a much more lenient ruleset to local file access than the standard Java security model implemented by JDK 1.1, which prohibits any access to local files. When the getSystemResource() method of the java.lang.ClassLoader class is used to read an existing local file, the ECL presents the user with a dialogue box. At this point, the user can either authorize execution or abort the operation.

By observing the time elapsed during execution, it is possible to verify the existence of files on the target machine through a specially crafted Java applet. If a malicious website operator were to host such a Java applet on their site, they would be able to determine what files exist on visitors' systems.

Affected Products:

  • Lotus Notes Client R5
