[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040106073309.5822.qmail@www.securityfocus.com>
Date: 6 Jan 2004 07:33:09 -0000
From: Rene <l0om@...luded.org>
To: bugtraq@...urityfocus.com
Subject: Lotus Notes Domino 6.0.2 (linux) faulty default permissions
Lotus Notes Domino 6.0.2 (linux)
for the installation it is recommended to add a new
user like "notes". after this you should log in as
root install the services. well, after i have done
this i have noticed the following.
there are faulty default permissions for the
important configuration file
/local/notesdata/notes.ini rw-rw-rw- notes notes
##############################################
by the way
/opt/lotus/LPSilent.ini rw-rw-rw- notes notes
cat /opt/lotus/LPSilent.ini | grep REM
REM This is the silent install ini configuration
file.
REM Please do not modifiy this file unless you are
sure of what you are doing....
pleeeeaaaase do not modifiy it :)
##############################################
because we are able to modify the notes.ini which is
a very important
configuration file , we are able to simply delte,
add or modify keys.
here is a great list of all nice keys we could add
or modify
http://www.drcc.com/A55711/ref/notesini.nsf
we could modify the CleanupScirptPath to a binary in
our $HOME which could
for example spawns a suid shell next time when its
executed.
we could change the
NotesProgram=/opt/lotus/notes/60020/linux
to some directory in our $HOME which includes links
to the needed
binarys to start the services in the ServerTask key.
Then we add a new
ServerTask - lets say "Router". Notes will try to
find a binary in our
faked directory called "router" which could spawn a
suid shell for us.
the notes services will start as the user
"notes" (this is recommended), which is able to view
sensetive files or start and stop the services...
me thinks the notes install routine should always
chmod such files automatic for security reasons.
by l0om
www.excluded.org
Powered by blists - more mailing lists