Signature Detail

APP: IBM Lotus Domino Remote Console Auth Bypass

This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino. Attackers could bypass security restrictions to gain unauthorized access to user accounts and execute arbitrary code.

Extended Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Affected Products

• Ibm lotus_domino 7.0
• Ibm lotus_domino 7.0.1
• Ibm lotus_domino 7.0.1.1
• Ibm lotus_domino 7.0.2
• Ibm lotus_domino 7.0.2.1
• Ibm lotus_domino 7.0.2.2
• Ibm lotus_domino 7.0.2.3
• Ibm lotus_domino 7.0.3
• Ibm lotus_domino 7.0.3.1
• Ibm lotus_domino 7.0.4
• Ibm lotus_domino 7.0.4.1
• Ibm lotus_domino 7.0.4.2
• Ibm lotus_domino 8.0
• Ibm lotus_domino 8.0.1
• Ibm lotus_domino 8.0.2
• Ibm lotus_domino 8.0.2.1
• Ibm lotus_domino 8.0.2.2
• Ibm lotus_domino 8.0.2.3
• Ibm lotus_domino 8.0.2.4
• Ibm lotus_domino 8.0.2.5
• Ibm lotus_domino 8.0.2.6
• Ibm lotus_domino 8.5.0
• Ibm lotus_domino 8.5.0.1
• Ibm lotus_domino 8.5.1
• Ibm lotus_domino 8.5.1.1
• Ibm lotus_domino 8.5.1.2
• Ibm lotus_domino 8.5.1.3
• Ibm lotus_domino 8.5.1.4
• Ibm lotus_domino 8.5.1.5
• Ibm lotus_domino 8.5.2
• Ibm lotus_domino 8.5.2.1
• Ibm lotus_domino 8.5.2.2
• Ibm lotus_domino 8.5.3

References

• BugTraq: 46985
• CVE: CVE-2011-1519
• URL: http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/dominohomepage