IBM Lotus Notes kvarcve.dll compressed file preview directory traversal
lotus-kvarcve-directory-traversal (24637)
Description:
IBM Lotus Notes could allow a remote attacker to traverse directories and delete arbitrary files on a victim's system. A remote attacker could craft a malicious ZIP, UUE or TAR archive containing an entry whose file name includes "dot dot" sequences (../). When the victim previews the attachment from within the Notes attachment viewer, the traversal sequences are honored, allowing the attacker to escape the preview directory and delete arbitrary files on the victim's system.
Note: This vulnerability also affects Verity KeyView SDK.
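The root cause described above is an archive preview routine that writes (and later cleans up) members using the file name taken straight from the archive header. As an added defensive illustration, not code from IBM, Verity or this record, the Python below shows the validation an extractor must perform on every member name before touching the filesystem: reject absolute paths, Windows drive letters, backslashes, embedded NULs and any ".." segment, and confirm the resolved target still lies under the preview directory. A constructed in-memory ZIP with two legitimate members and four traversal-style names (sample data made up for this example) is run through the check; the ZIP format is used only because Python can build one inline, the same rule applies to UUE and TAR entries.

```python
"""Hardened archive preview extraction (added example, not KeyView/Notes code).

Validates member names before writing, so an entry such as
"../../escape.txt" cannot escape the preview directory.
"""
import io
import os
import tempfile
import zipfile


class UnsafeMemberName(ValueError):
    """Raised when an archive member name must not be written to disk."""


def resolve_member(base_dir: str, member_name: str) -> str:
    """Return the absolute path under base_dir where member_name may be
    written, or raise UnsafeMemberName.  Pure string checks come first;
    the realpath comparison at the end also catches escapes through a
    symlink that an earlier member may already have planted under base_dir."""
    if not member_name:
        raise UnsafeMemberName("empty member name")
    if "\x00" in member_name:
        raise UnsafeMemberName("NUL byte in member name")
    if "\\" in member_name:
        raise UnsafeMemberName("backslash in member name")       # Windows separator
    if member_name.startswith("/"):
        raise UnsafeMemberName("absolute path")
    if len(member_name) > 1 and member_name[1] == ":":
        raise UnsafeMemberName("drive letter")                   # e.g. C:/...
    segments = member_name.split("/")
    if ".." in segments:
        raise UnsafeMemberName("'..' segment (directory traversal)")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *segments))
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeMemberName("resolves outside the preview directory")
    return target


def is_safe_member(base_dir: str, member_name: str) -> bool:
    """Boolean form of resolve_member, convenient for filtering listings."""
    try:
        resolve_member(base_dir, member_name)
        return True
    except UnsafeMemberName:
        return False


def preview_extract(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract archive members into dest_dir, skipping unsafe names.
    Members are written by hand (not via ZipFile.extract, which has its own
    sanitising) so the check that matters is explicit in this code."""
    result = {"extracted": [], "rejected": {}}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                target = resolve_member(dest_dir, info.filename)
            except UnsafeMemberName as exc:
                result["rejected"][info.filename] = str(exc)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            result["extracted"].append(info.filename)
    return result


# Constructed sample archive: two benign members, four traversal-style names.
SAMPLE_MEMBERS = {
    "report.txt": b"quarterly figures",
    "docs/notes.txt": b"meeting notes",
    "../../escape.txt": b"would land two levels above the preview dir",
    "/etc/escape.txt": b"absolute POSIX path",
    "..\\..\\escape.txt": b"Windows-style traversal",
    "C:/escape.txt": b"Windows drive letter",
}


def build_sample_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in SAMPLE_MEMBERS.items():
            zf.writestr(name, data)          # names are stored verbatim
    return buf.getvalue()


def run_demo() -> dict:
    """Extract the sample archive into a throwaway preview directory and
    report what was written, what was rejected, and what actually exists."""
    with tempfile.TemporaryDirectory() as dest:
        result = preview_extract(build_sample_archive(), dest)
        result["files_on_disk"] = sorted(
            os.path.relpath(os.path.join(root, f), dest).replace(os.sep, "/")
            for root, _, files in os.walk(dest) for f in files)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The rejection reasons in the returned dictionary double as log material: a preview routine that records "'..' segment" for an attachment name gives a SOC a concrete detection hook for archives crafted against this class of bug, whether or not the host is patched.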
Platforms Affected:
- Autonomy, KeyView Export SDK
- Autonomy, KeyView Filter SDK
- Autonomy, KeyView Viewer SDK
- IBM, Lotus Notes 6.0
- IBM, Lotus Notes 6.0.1
- IBM, Lotus Notes 6.0.1.1
- IBM, Lotus Notes 6.0.1.2
- IBM, Lotus Notes 6.0.1.3
- IBM, Lotus Notes 6.0.2.1
- IBM, Lotus Notes 6.0.2.2
- IBM, Lotus Notes 6.0.3
- IBM, Lotus Notes 6.0.4
- IBM, Lotus Notes 6.0.5
- IBM, Lotus Notes 6.5
- IBM, Lotus Notes 6.5.1
- IBM, Lotus Notes 6.5.2
- IBM, Lotus Notes 6.5.2.1
- IBM, Lotus Notes 6.5.3
- IBM, Lotus Notes 6.5.3.1
- IBM, Lotus Notes 7.0
Remedy:
Upgrade to IBM Lotus Notes 6.5.5 or later, or 7.0.1 or later, available from the IBM Software Support Web site. See References.
For Verity KeyView SDK:
Upgrade to KeyView SDK 9.2.0 or later, available from the Verity Web site. See References.
Consequences:
File Manipulation
References:
- IBM Software Support Web site, Lotus Support at http://www-306.ibm.com/software/lotus/support/upgradecentral/index.html.
- Lotus Support Services Technote 1229918, Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers at http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918.
- Verity Web site, Verity Products - Keyview at http://www.verity.com/products/oem/keyview/.
- BID-16576: IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities
- CVE-2005-2619: Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
- OSVDB ID: 23066: Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion
- SA16100: Verity KeyView SDK Multiple Vulnerabilities
- SA16280: IBM Lotus Notes Multiple Vulnerabilities
- SECTRACK ID: 1015657: IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files
- VUPEN/ADV-2006-0500: IBM Lotus Notes Buffer Overflow and Directory Traversal Vulnerabilities
Reported:
Feb 10, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
