Linux Today: Linux News On Internet Time.

More on LinuxToday

SearchEnterpriseLinux: Vulnerability Found in Lotus Notes for Linux

Jan 13, 2004, 18:00 (4 Talkback[s])
(Other stories by Edmund X. DeJesus)

[ Thanks to Michael S. Mimoso for this link. ]

"A local vulnerability in a Lotus Notes for Linux configuration file could allow a malicious user to manipulate the values of essential configuration parameters and gain access to files.

"When installing Lotus Notes for Linux, the default permissions for the 'notesdata/notes.ini' configuration file are '666.' This gives malicious local users the ability to open the file, change the values of configuration parameters and save them. The local copy of Notes would then run using these altered parameter values, which could cause Notes to operate improperly and possibly destroy or alter data..."

Complete Story

Related Stories: