Re: KPMG-2002006: Lotus Domino Physical Path Revea: msg#00040 security.bugtraq

02/04/2002 16:18:06, Peter Gründl <pgrundl@xxxxxxx> wrote :

>Problem:
>========
>Due to problems handling Windows DOS devices, the Domino Server
>can be brought to show the physical location of the web root.

>Corrective action:
>==================
>Upgrade to Lotus Domino V5.0.10, which can be downloaded here:
>http://www.notes.net/qmrdown.nsf

This upgrade solves the "banner disclosure" issue too, which was
presented to Bugtraq readers in my post regarding "physical path
disclosure" [1].

Apparently, the banner string was hard-coded in the "htcgibin.exe"
module ...

Thanks to Peter Gründl <pgrundl@xxxxxxx> for testing the lastest
Domino release for this bug.

[1] : http://online.securityfocus.com/archive/1/254768

Nicolas Gregoire
Exaprobe

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: packet filter fingerprinting(open but closed, closed but filtered): 00040, Jonas Eriksson
Next by Date:	Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows: 00040, Cisco Systems Product Security Incident Response Team
Previous by Thread:	KPMG-2002006: Lotus Domino Physical Path Revealedi: 00040, Peter Gründl
Next by Thread:	Re: KPMG-2002006: Lotus Domino Physical Path Revealed: 00040, Joe Testa
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: packet filter fingerprinting(open but closed, closed but filtered): 00040, Jonas Eriksson

Next by Date:

Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows: 00040, Cisco Systems Product Security Incident Response Team

Previous by Thread:

KPMG-2002006: Lotus Domino Physical Path Revealedi: 00040, Peter Gründl

Next by Thread:

Re: KPMG-2002006: Lotus Domino Physical Path Revealed: 00040, Joe Testa

Indexes:

[Date] [Thread] [Top] [All Lists]

Re: KPMG-2002006: Lotus Domino Physical Path Revealed: msg#00040

security.bugtraq