If you are running on the IBM i platform, you don't have to worry about
this issue. The remote console provided by Lotus is not supported on IBM
i. Why? Because the IBM i platform has since day 1, provided the
WRKDOMCSL command, which can be used to remotely (via any 5250 terminal)
connect to a Domino server and issue commands to the server.
rob@xxxxxxxxx
Sent by: domino400-bounces+cmc=us.ibm.com@xxxxxxxxxxxx
03/25/2011 08:16 AM
Please respond to Lotus Domino on the iSeries / AS400
To: domino400@xxxxxxxxxxxx
cc:
Subject: (0day) IBM Lotus Domino Server Controller
Authentication Bypass Remote Code Execution Vulnerability
Anyone address the following? If so, how?
(0day) IBM Lotus Domino Server Controller Authentication Bypass Remote
Code Execution Vulnerability
Zero Day Initiative's (ZDI) released a public announcement concerning a
vulnerability in IBM's Lotus Domino Server. The Domino server uses a user
supplied COOKIEFILE path variable to retrieve stored credentials when
authenticating the user. An attacker could supply a UNC path as the
COOKIEFILE where they control both the "known good credentials" and the
challenge credentials, thereby insuring a match. Successful exploitation
of this vulnerability could allow the attacker to execute arbritary code
as the SYSTEM user. IBM has not released a patch for this vulnerability,
yet, but they do offer means to mitigate the problem. The administrator
can set a console password, thus providing another layer of authentication
and can limit the available commands in the console. Restricting access to
port 2050/tcp on the servers running Domino Server to only the authorized
hosts that need access to the Domino Servers can further mitigate this
vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-11-110/
Rob Berendt
midrange.com
