New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IBM Lotus Notes DoS (CVE-2017-1129) #8989
Conversation
Thanks for your submission, @RootUp! Couple of small things:
Thanks! |
…/auxiliary/dos/http/ibm_lotus_notes.rb
Vulnerable ApplicationThis module exploits a vulnerability in, inbuilt web-browser of IBM lotus notes, the code uses java-script based URI encoding and create a object instance of encode URI due to the infinite loop it leads to Denial of Service. Working of Module
Security Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21999385 Regards |
@pbarry-r7 |
Hey @RootUp, thanks for the updates, I'll try to give this a check through in the next day or so here. Also, my bad on the link I provided above, I should have provided a link that clearly shows the separate markdown (.md) file for documentation, like this one. If you have a chance and wouldn't mind creating a new documentation/modules/auxiliary/dos/http/ibm_lotus_notes.md file and just paste in the markdown you provided in your comment 5 days ago in this PR, that'd be super (and if not, I can do it when I'm looking at this). Thx! |
Hi @pbarry-r7 I have created a new PR 9017, and created a markdown documentation for the same, hope it helps. Thank you :) |
Nice, thanks, @RootUp! I went ahead and cherry-picked that file into this PR, since they're related. |
Ugh, IBM apparently reviews each trial request for Notes client in order to satisfy US export laws. :/ Waiting on that, will verify once I get the vulnerable SW. |
Verified with IBM Lotus Notes 8.5.2 on Windows 7 Ultimate:
Then started IBM Notes in my Windows Ultimate VM, used Open->Web Browser to get the built-in browser, and pointed it at http://10.0.2.4:9092/mypath. And that did make my IBM Notes client app become unresponsive. Nice job, @RootUp! Thanks for the contribution. I've a couple very minor tweaks and will land here. |
Release NotesThis module targets versions of the IBM Lotus Notes client application vulnerable to CVE-2017-1129 to create a denial of service. |
Thank you @pbarry-r7 :) |
This module will exploit a vulnerability (CVE-2017-1129) found in some versions of IBM Lotus Notes client, making the application unresponsive and no longer usable.
Verification
msfconsole
use use auxiliary/dos/http/ibm_lotus_notes
set SRVHOST <IP of MSF system to act as server>
set SRVPORT <port of MSF system to act as server>
run
Security Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21999385