Credit:
The information has been provided by Ollie Whitehouse.
The vulnerability arises from the mechanism used for Inter-Process Communication (IPC) between NLNOTES and NTASKLDR. IPC is performed via memory-mapped files. When the files are created, a NULL is passed to the ACL parameter, resulting in EVERYONE being granted 'full-control'.
As a result, an attacker can read the contents of any user's Lotus Notes session when Notes is deployed in shared-user environments such as Terminal Services or Citrix. The accessible data ranges from e-mail through to databases and associated Lotus Script.
It should be noted that this vulnerability could also be used to write to the memory-mapped files, so an attacker could potentially inject active content such as Lotus Script.
Vendor Response:
* Fixed for the Notes client with 6.5.6, 7.0.3 and 8.0
* Fixed for the Domino server with 6.5.5 FP3, 6.5.6, 7.0.2 FP1, 7.0.3, 8.0
The fix requires that "SharedMemoryAllowOnly=1" be set in the notes.ini file. Additional details about the notes.ini variable are available in technote #1257030: http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21257030
Recommendation:
Update to a secure version of Notes client and Domino server. Implement the appropriate notes.ini fix.
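One way to check both parts of the recommendation on a shared host, as an added example that is not part of the original advisory or IBM's tooling: it tests a Notes client version against the fixed releases listed above and confirms that notes.ini sets SharedMemoryAllowOnly to 1. The function names, the sample notes.ini text, the case-insensitive variable match and the treatment of unlisted branches are assumptions; Domino server fix packs are out of scope.

```python
import re

# Fixed Notes client releases from the advisory, keyed by (major, minor) branch.
FIXED_CLIENT = {(6, 5): (6, 5, 6), (7, 0): (7, 0, 3), (8, 0): (8, 0, 0)}

def client_is_fixed(version):
    """True if a dotted client version is at or above the fix for its branch."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return False
    parts = tuple(int(g or 0) for g in m.groups())
    if parts >= (8, 0, 0):  # assumption: releases after 8.0 keep the fix
        return True
    fixed = FIXED_CLIENT.get(parts[:2])  # assumption: unlisted branches are unfixed
    return fixed is not None and parts >= fixed

def shared_memory_values(ini_text):
    """Every value assigned to SharedMemoryAllowOnly in notes.ini text."""
    values = []
    for line in ini_text.splitlines():
        name, sep, value = line.partition("=")
        # assumption: the variable name is matched case-insensitively
        if sep and name.strip().lower() == "sharedmemoryallowonly":
            values.append(value.strip())
    return values

def audit(version, ini_text):
    """Return findings for one client; an empty list means both checks pass."""
    findings = []
    if not client_is_fixed(version):
        findings.append(f"client {version} is not a fixed release (6.5.6, 7.0.3, 8.0)")
    values = shared_memory_values(ini_text)
    if not values:
        findings.append("SharedMemoryAllowOnly is not set")
    elif any(v != "1" for v in values):  # flag conflicting duplicates too
        findings.append(f"SharedMemoryAllowOnly set to {values}, expected 1")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_INI = "[Notes]\nDirectory=C:\\Lotus\\Notes\\Data\nSharedMemoryAllowOnly=0\n"

if __name__ == "__main__":
    for finding in audit("7.0.2", SAMPLE_INI):
        print("FINDING:", finding)
```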
CVE Information:
CVE-2007-5544