• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lotus Domino MS-DOS Device Path Disclosure Vulnerability

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

Vulnerable versions of Lotus Domino do not properly handle specially crafted requests for MS-DOS devices, causing sensitive path information to be disclosed to remote attackers.

Sensitive information gathered in this manner may aid the attacker in further attacks against the host running the vulnerable software.

This issue was reported for Lotus Domino v5.0.9a for Microsoft Windows platforms. Earlier versions may also be affected.