SMTP: Lotus Notes notes.ini Redirection

This signature detects URL links to an external notes.ini file (the configuration file for a Lotus Notes client). Lotus Notes Domino Server versions 6.0.x and 6.5.x are vulnerable. Because a Lotus Notes client enables users to specify a configuration file, attackers can entice potential targets to use a malicious file provided in a Web page or e-mail message.

Extended Description

A vulnerability is reported to affect the way Lotus Notes URIs are handled. The vulnerability exists due to a lack of sufficient input validation performed on Lotus Notes URIs. By controlling influencing notes.ini content, it is possible for a remote attacker to execute arbitrary code. Code execution will occur in the context of the user who is running the vulnerable instance of Lotus Notes. It should be noted that this issue is not present in Lotus Notes R5 or 4.6x.

Affected Products

Ibm lotus_notes

References

BugTraq: 10600

CVE: CVE-2004-0480

URL: http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510

Short Name

SMTP:MAL:NOTES-INI-SMTP

Severity

Minor

Recommended

False

Recommended Action

None

SMTP: Lotus Notes notes.ini Redirection

Extended Description

Affected Products

References

Found a potential security threat?