Gravité: : Critique
  Date du conseil: 04 février 2011

  Description

Lotus Domino 5.0.6 or lower versions has a vulnerability wherein a remote user can gain access to a known file residing in the server. A specially crafted request can be sent to access a known filename which will display the content of the file with read permission. This could enable a remote attacker to gain access to systems files, password files, etc, that could lead to a complete compromise of the host.

  Information Exposure Rating:

Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10173 or later.
Download the latest NVW pattern file from the following site:   
http://www.trendmicro.com/download/product.asp?productid=45

  Affected software and version:

  • Lotus Domino 5.0.6
  • Lotus Domino 5.0.5
  • Lotus Domino 5.0.3
  • Lotus Domino 5.0.2