PT-2004-1244 · Ibm · Lotus Notes & Domino
L0Om
·
Published
2004-01-08
·
Updated
2024-02-14
·
CVE-2004-0029
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Lotus Notes Domino version 6.0.2
Description
The issue concerns a configuration file, specifically the notes.ini file, which is installed with world-writable permissions on Linux systems. This allows local users to modify the Notes configuration, potentially leading to privilege escalation.
Recommendations
For Lotus Notes Domino version 6.0.2, change the permissions of the notes.ini configuration file to prevent world-writable access, restricting modifications to authorized users only.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lotus Notes & Domino