SearchEnterpriseLinux: Vulnerability Found in Lotus Notes for Linux

[ Thanks to Michael S. Mimoso for this link. ]

"A local vulnerability in a Lotus Notes for Linux configuration file could allow a malicious user to manipulate the values of essential configuration parameters and gain access to files.

"When installing Lotus Notes for Linux, the default permissions for the 'notesdata/notes.ini' configuration file are '666.' This gives malicious local users the ability to open the file, change the values of configuration parameters and save them. The local copy of Notes would then run using these altered parameter values, which could cause Notes to operate improperly and possibly destroy or alter data..."

Complete Story

Related Stories:

• InternetWeek: Lotus Preaches Richness, Open Source For Future Domino Apps(Nov 06, 2003)
• internetnews.com: IBM Boosts Presence, Awareness with Lotus 6.5(Sep 24, 2003)
• Lotus Advisor: OpenNTF: The Future of Notes/Domino?(Nov 06, 2002)