Notes/Domino Fix List
 |  |
| SPR # KEMG6FYPF2 | Fixed in 7.0.1 release | Security fix |
Product Area: Client Technical Area: Editor Platform: Cross Platform
SPR# KEMG6FYPF2 - Fixed a potential security issue.
Technote Number: 1229918
Problem:
These issues were reported to IBM Lotus Quality Engineering as SPR# KEMG6FZR4Q,
KEMG6FZRJD, KEMG6F2RCN, KEMG6F3PBT, KEMG6F3NZD, KEMG6FYPF2 and have been
addressed in Notes 6.5.5 and Notes 7.0.1. Refer to the Upgrade Central site for
details on upgrading Notes/Domino to these releases.
In general, users are strongly urged to use caution when opening or viewing
unsolicited file attachments.
To work around these issues in previous releases of Notes, the affected file
viewers can be disabled or replaced. The buffer overflow vulnerabilities
affect the following files: kvarcve.dll, uudrdr.dll, tarrdr.dll and
htmsr.dll. The directory traversal vulnerability affects the kvarcve.dll file.
There are three options for disabling these viewers:
1. Action: Delete the keyview.ini file in the Notes program directory.
Results: When a user clicks View (for any file), a dialog box will be
displayed with the message "Unable to locate the viewer configuration file."
This disables ALL viewers.
2. Action: Delete the problem files (kvarcve.dll, uudrdr.dll, htmsr.dll,
tarrdr.dll).
Result: When a user tries to view the specific file types (html pages,
zip/tar/uud archives), a dialog box will be displayed with the message "The
viewer display window could not be initialized." All other file types work
without returning the error message.
Optionally, copy the four 6.5.5 files (kvarcve.dll, uudrdr.dll, htmsr.dll,
tarrdr.dll) on top of the 6.x version you are running.
3. Action: Comment out specific lines in keyview.ini (by preceding the line
with an asterisk * ) for any references to the problem files (dlls). For
example:
[KVARCVE]
* 132=ziprdr.dll
* 194=tarrdr.dll
* 167=uudrdr.dll
[KVDOCVE]
2=afsr.dll
-1=hexsr.dll
117=mifsr.dll
13=dcasr.dll
32=dw4sr.dll
23=exesr.dll
153=afsr.dll
207=mimesr.dll
208=mimesr.dll
*210=htmsr.dll
*251=htmsr.dll
Result: When a user tries to view the specific file types (html files,
tar/uud/zip archives), a dialog box will be displayed with the message "The
viewer display window could not be initialized."
Additional background:
The attachments will not auto-execute upon opening or previewing the email
message; the file attachment must be opened by the user using one of the
affected file viewers (from the menu bar, Select "Attachment", then select
"View"). In some cases, further user action is also required to trigger the
exploit.
SPR# KEMG6F2RCN affects the uudrdr.dll file and requires that the user view a
malicious UUE file.
SPR# KEMG6F3NZD affects the htmsr.dll file and requires that the user view a
malicious HTML file attachment. To reliably reproduce this issue requires that
the user's Windows account name be exactly 5 characters in length.
SPR# KEMG6F3PBT affects the htmsr.dll file and requires that the user view a
malicious HTML file attachment AND then the user has to click on a URL link
inside the file.
SPR# KEMG6FZR4HQ affects the kvarcve.dll file and requires that the user view a
malicious ZIP file attachment AND extract a file with an overly long filename
into a directory with a long file name. Note that when viewing the attachment
and before extracting the file, an error message will also display in the
viewer.
SPR# KEMG6FYPF2 affects the tarrdr.dll file and requires that the user view a
malicious TAR file attachment and then extract a file with an overly long
filename into a directory with a very long path.
SPR# KEMG6FZRJD affects the kvarcve.dll file and requires that the user view a
malicious ZIP, TAR or UUE file attachment AND clicks on a filename that
contains the name and the path of a file that exists on the user's system.
Note:
The Domino server is not affected by these issues. More >
Last Modified on 02/13/2006
Go back
|