
e-11.lotus-ccmail-security-upgd

Posted Sep 23, 1999


SHA-256 | a9aafd6605a144478a6de1b7d80db7cf20932ace14ed7929dbd42d2f5296d283

             _____________________________________________________
                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     / \   /
                          \___  __|__  /___\  \___
             _____________________________________________________

Information Bulletin

Lotus cc:Mail Security Upgrade Available

March 7, 1994 900 PST Number E-11
______________________________________________________________________________
PROBLEM:  Passwords are vulnerable on local hard drives
PLATFORM: Lotus cc:Mail Windows 2.0 and 2.01
DAMAGE:   Accounts could be compromised if another person is allowed access
          to a cc:Mail user's personal computer
SOLUTION: Retrieve and install cc:Mail 2.02 for Windows, then have all
          users change their passwords.
______________________________________________________________________________

Critical Information about Lotus CCMAIL Security Upgrade

CIAC has received information from Lotus regarding a vulnerability in cc:Mail
for Windows. Under certain circumstances, the user's password can be viewed
on their local hard drive. This vulnerability exists only in cc:Mail Windows
2.0 and 2.01.

To correct the problem, a software upgrade, cc:Mail for Windows 2.02, has
been made available. This upgrade is contained in the file WINFIX.ZIP.
WINFIX.ZIP can be downloaded from three sources: anonymous ftp, CompuServe,
or the Lotus cc:Mail BBS. The file is available via anonymous ftp from
ftp.ccmail.com in the /pub/windows directory. On the anonymous ftp server,
WINFIX.ZIP is dated Feb 19 00:53 and is 279803 bytes long.

In CompuServe, perform the following commands:

  a. Enter the Lotus forum by typing GO LOTUSC from any CompuServe prompt.
  b. Enter Section 10 when prompted for which section.
  c. From within Section 10, select "Download" and download the file
     WINFIX.ZIP.

The Lotus cc:Mail BBS is available to everyone via modem. The telephone
number is (415) 691-0401. Your modem setting should be: 8 data bits, No
Parity, 1 stop bit. Once connected, go to the "File Area" by typing "F".
Select the download option and download the file WINFIX.ZIP. On the BBS,
WINFIX.ZIP is 279803 bytes long and is dated 2/18/94 at 2:02a.

After unzipping WINFIX.ZIP, the following files are available:

ccmail.exe 628656 bytes
readme.now 1062 bytes

Your next step is to install this upgrade. Change to the directory (which is
likely to be m:\ccmail) that contains the old version of ccmail.exe. Rename
the old copy of ccmail.exe to ccmail.old, and then copy the new ccmail.exe to
the directory. If cc:Mail for Windows has been installed on a network, the
system administrator only needs to change the network copy of ccmail.exe. If
cc:Mail for Windows has been installed locally, ccmail.exe must be installed
in the proper directory of every workstation.

After installation of ccmail.exe, all users should change their password.
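
The download check and the rename-then-copy step described above can be scripted. This is an added example, not part of the CIAC bulletin or any Lotus tooling; the function names and the command-line usage are assumptions. The byte counts are the ones the bulletin states; a matching size is only a sanity check against a truncated or wrong file, not proof of authenticity.

```python
import os
import shutil
import zipfile

# Sizes as stated in the bulletin.
ARCHIVE_SIZE = 279803
MEMBER_SIZES = {"ccmail.exe": 628656, "readme.now": 1062}

def check_archive(zip_path, archive_size=ARCHIVE_SIZE, member_sizes=MEMBER_SIZES):
    """Return a list of discrepancies between the archive and the bulletin."""
    problems = []
    actual = os.path.getsize(zip_path)
    if actual != archive_size:
        problems.append(f"archive is {actual} bytes, expected {archive_size}")
    with zipfile.ZipFile(zip_path) as zf:
        found = {i.filename.lower(): i.file_size for i in zf.infolist()}
    for name, size in member_sizes.items():
        if name not in found:
            problems.append(f"{name} missing from archive")
        elif found[name] != size:
            problems.append(f"{name} is {found[name]} bytes, expected {size}")
    # Anything else (including names carrying a path) is not what was described.
    for name in sorted(set(found) - set(member_sizes)):
        problems.append(f"unexpected member {name}")
    return problems

def install(zip_path, ccmail_dir, **expected):
    """Rename ccmail.exe to ccmail.old, then write the new ccmail.exe."""
    problems = check_archive(zip_path, **expected)
    if problems:
        raise ValueError("; ".join(problems))
    target = os.path.join(ccmail_dir, "ccmail.exe")
    backup = os.path.join(ccmail_dir, "ccmail.old")
    if os.path.exists(backup):
        raise FileExistsError(backup)  # never overwrite an earlier backup
    os.rename(target, backup)
    with zipfile.ZipFile(zip_path) as zf:
        member = next(i for i in zf.infolist()
                      if i.filename.lower() == "ccmail.exe")
        # Write to a fixed path; the archive never chooses the destination.
        with zf.open(member) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
    return os.path.getsize(target)

if __name__ == "__main__":
    import sys
    # Usage (assumed): python install_winfix.py WINFIX.ZIP m:\ccmail
    print(install(sys.argv[1], sys.argv[2]), "bytes installed")
```
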

______________________________________________________________________________

CIAC would like to thank Lally Thomas and Gary Schuppert of CDSI for bringing
this problem to our attention.
______________________________________________________________________________

For additional information or assistance, please contact CIAC:
Voice: (510) 422-8193
FAX: (510) 423-8002
STU-III: (510) 423-2604
E-mail: ciac@llnl.gov

Previous CIAC Bulletins and other information are available via anonymous FTP
from irbis.llnl.gov (IP address 128.115.19.60).
______________________________________________________________________________

PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive CIAC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with CIAC. The Forum of Incident Response and Security Teams
(FIRST) is a world-wide organization. A list of FIRST member organizations
and their constituencies can be obtained by sending email to
docserver@first.org with an empty subject line and a message body containing
the line: send first-contacts.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately owned
rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes.
______________________________________________________________________________

