DominoSecurity Newsletter (from DominoSecurity.org)
Date: 07/01/2004
Title: Two recent vulnerabilities -- cross-site scripting and notes URLs
Contents:
Hello DominoSecurity readers,
Sometimes I wish Domino were attacked as often as Windows; then I would have more to write about. (Joking -- I don't really wish for this.) There are two recent issues that have come up, however. Below is a link to the SearchDomino article about them, which I contributed to. Be sure to notice the "additional info" box on the left; the third link points to the original information.
searchdomino.techtarget.com/originalContent/0,289142,sid4_gci990132,00.html
- The first item (cross-site scripting) is reported in a vague way, and it does not appear that it was ever exploited.
- The second item is described in more detail, and relates to a registry setting that allows someone to construct browser URLs of the format "notes:<arguments>". With this registry setup, the browser will launch the Notes client software for these URLs. This is a known and supported feature. However, a clever attacker can use this feature to point Notes toward a bogus INI file, which points to a bogus Notes data directory, which contains malicious DLLs. I believe this was a true vulnerability, with potentially serious consequences. But my comment to SearchDomino was "attackers would really have to know what they're doing in order to exploit it" -- which sums up my thoughts pretty well.
If you have any questions about these issues, or any others, feel free to contact me directly.
Chuck Connell
781-939-0505 (office)
connell@chc-3.com -- email
www.chc-3.com -- My home page
www.DominoAdministration.com -- Outsourced administration services for Domino and Notes
www.DominoSecurity.org -- The best source for security information about Domino and Notes
(NOTE: I use a spam filter for inbound mail. In some cases, this filter
rejects legitimate messages. If I do not answer your mail, please call
me on the phone.)
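
An added example, not part of the original newsletter: a PowerShell audit that reports whether a workstation has the "notes:" URL handler registered and which command a browser would launch for it. It assumes the handler follows the standard Windows URL-protocol layout (`Software\Classes\<scheme>` with a `URL Protocol` value and a `shell\open\command` subkey); the function name `Get-NotesUrlHandler` is hypothetical.

```powershell
# Added example: audit the Windows URL-protocol registration for the notes: scheme.
# Assumption: the handler uses the standard <hive>\Software\Classes\<scheme> layout;
# the newsletter itself does not name the registry key.
function Get-NotesUrlHandler {
    [CmdletBinding()]
    param(
        [string]$Scheme = 'notes'
    )

    # Check the machine-wide and per-user registrations separately,
    # so the report shows where the handler was installed.
    $hives = 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER'

    foreach ($hive in $hives) {
        $base = "Registry::$hive\Software\Classes\$Scheme"
        $key  = Get-Item -LiteralPath $base -ErrorAction SilentlyContinue

        if (-not $key) {
            [pscustomobject]@{ Hive = $hive; Registered = $false; Command = $null; PassesUrl = $false }
            continue
        }

        # A scheme is browser-launchable only when the "URL Protocol" value exists.
        # Its data is normally an empty string, so test for presence, not content.
        $isProtocol = $key.GetValueNames() -contains 'URL Protocol'

        # The default value of shell\open\command is the program the browser starts.
        $cmdKey  = Get-Item -LiteralPath "$base\shell\open\command" -ErrorAction SilentlyContinue
        $command = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { $null }

        [pscustomobject]@{
            Hive       = $hive
            Registered = $isProtocol
            Command    = $command
            # True when the URL text from the web page is handed to the client as an argument.
            PassesUrl  = [bool]($command -and $command -match '%1|%L')
        }
    }
}

Get-NotesUrlHandler | Format-List
```

A row with `Registered` and `PassesUrl` both true identifies a machine where a link in a web page can start the Notes client with arguments taken from the URL, which is the exposure the second item describes.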