IBM Lotus Domino Remote Console Authentication Bypass Vulnerability
Via SecurityFocus:
IBM Lotus Domino is prone to a remote authentication-bypass vulnerability.
Successfully exploiting this issue will allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
The following exploit is available:
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References:
| Bugtraq ID: | 46985 |
| Class: | Unknown |
| CVE: | CVE-2011-1519 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2011 12:00AM |
| Updated: | Dec 01 2011 06:36AM |
| Credit: | Patrik Karlsson |
| Vulnerable: | IBM Lotus Domino 8.5.3, IBM Lotus Domino 8.5.2, IBM Lotus Domino 8.5.1 Fix Pack 2, IBM Lotus Domino 8.5.1, IBM Lotus Domino 8.5, IBM Lotus Domino 8.0.2 Fix Pack 5, IBM Lotus Domino 8.0.2, IBM Lotus Domino 8.0.1, IBM Lotus Domino 7.0.4, IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1), IBM Lotus Domino 7.0.3, IBM Lotus Domino 7.0.2 FP3, IBM Lotus Domino 7.0.2 FP2, IBM Lotus Domino 7.0.2 FP1, IBM Lotus Domino 7.0.2, IBM Lotus Domino 7.0.1, IBM Lotus Domino 7.0, IBM Lotus Domino 6.5.6, IBM Lotus Domino 6.5.5 FP3, IBM Lotus Domino 6.5.5 FP2, IBM Lotus Domino 6.5.5 FP1, IBM Lotus Domino 6.5.5, IBM Lotus Domino 6.5.4 FP 2, IBM Lotus Domino 6.5.4 FP 1, IBM Lotus Domino 6.5.4, IBM Lotus Domino 6.5.3, IBM Lotus Domino 6.5.2 FP 1, IBM Lotus Domino 6.5.2, IBM Lotus Domino 6.5.1, IBM Lotus Domino 6.5 .0, IBM Lotus Domino 6.0.5, IBM Lotus Domino 6.0.4, IBM Lotus Domino 6.0.3, IBM Lotus Domino 6.0.2 CF2, IBM Lotus Domino 6.0.2, IBM Lotus Domino 6.0.1, IBM Lotus Domino 6.0, IBM Lotus Domino 5.0.13, IBM Lotus Domino 8.5.2 FP3, IBM Lotus Domino 8.5.1.1, IBM Lotus Domino 8.5.0.1, IBM Lotus Domino 8.5 FP1, IBM Lotus Domino 8.5, IBM Lotus Domino 8.0.2.4, IBM Lotus Domino 8.0.2.3, IBM Lotus Domino 8.0.2.2, IBM Lotus Domino 8.0.2.1, IBM Lotus Domino 8.0, IBM Lotus Domino 0 |
| Not Vulnerable: | |
2 comments
Comment from: Alexey SIntsov [Visitor]
There are TWO bugs in ONE function.
Patrik found UNC path, I've found funny XML parser. So, IBM fix only UNC. And "Failed exploit attempts will result in a denial-of-service condition." - it is not true 8)
12/01/11 @ 14:09
Hi Alexey,
I'm very interested in what the result is then?
Not that I think that many organisations will have to face external threats for this port, but still
12/01/11 @ 14:52