Category:   Application (Web Server/CGI)  >   IBM iNotes and Domino
Vendors:   IBM
Lotus Domino 'bindsock' PATH Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges on the System
SecurityTracker Alert ID:  1003838
CVE Reference:   CVE-2002-0086
Date:  Mar 17 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0.9 and prior versions
Description:   A buffer overflow vulnerability was reported in Lotus Domino. A local user can execute arbitrary code to gain root access on the system.

A buffer overflow has been reported in Lotus Domino bindsock. A local user can reportedly supply a long PATH environment variable to trigger the overflow and cause arbitrary code to be executed on the system with root level privileges.
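The bug class described above, seen from the fix side, as an added example (not Lotus code; the bindsock source is not part of this alert): a privileged helper that reads PATH entries into a fixed buffer rejects an oversize entry instead of copying it, and replaces the inherited PATH before use. The names `path_entry`, `reset_path` and `DIR_MAX`, and the replacement PATH value, are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIR_MAX 256   /* assumed fixed buffer size for one PATH entry */

/* Copy the idx-th ':'-separated entry of PATH into out (size outsz).
 * Returns 0 on success, -1 with errno set if PATH is unset, the entry
 * does not exist, is not absolute, or would not fit (never truncates). */
int path_entry(size_t idx, char *out, size_t outsz)
{
    const char *p = getenv("PATH");
    if (p == NULL || outsz == 0) { errno = EINVAL; return -1; }

    for (size_t i = 0; ; i++) {
        size_t len = strcspn(p, ":");          /* length of this entry */
        if (i == idx) {
            /* The bounds check that a boundary error omits. */
            if (len >= outsz) { errno = ENAMETOOLONG; return -1; }
            if (len == 0 || p[0] != '/') { errno = EINVAL; return -1; }
            memcpy(out, p, len);
            out[len] = '\0';
            return 0;
        }
        if (p[len] == '\0') { errno = ENOENT; return -1; }
        p += len + 1;                          /* step past the ':' */
    }
}

/* Replace the caller-controlled PATH with a fixed value (assumed here). */
int reset_path(void)
{
    return setenv("PATH", "/usr/bin:/bin", 1);
}

int main(void)
{
    char dir[DIR_MAX];
    if (reset_path() != 0) return 1;
    for (size_t i = 0; path_entry(i, dir, sizeof dir) == 0; i++)
        printf("entry %zu: %s\n", i, dir);
    return 0;
}
```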

Impact:   A local user can execute arbitrary code with root-level privileges and thereby gain root access to the system.
Solution:   The vendor has released a fixed version (5.0.9a).
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  Lotus Domino PATH Buffer Overflow Vulnerability


Number:  191634


Lotus Domino on UNIX platforms is vulnerable to a flaw that can allow a
local attacker to gain root privileges. The problem is due to
insufficient bounds checking with the PATH environment variable. An
attacker can use a PATH that, when processed, will execute arbitrary


This issue was reported to Lotus Software Quality Engineering and has
been addressed in Domino 5.0.9a. Upgrade to R5.0.9a to resolve the

Excerpt from the Lotus Notes and Lotus Domino Release 5.0.9a MU
(available from ): 

     Networking & Dialup - TCP 
          SPR# KSPR54W2J6 - Fixed a potential security issue. 

Supporting Information 

Related Documents 
Lotus Domino Arbitrary File Creation Vulnerability
Document #: 191636

Lotus Domino Notes_ExecDirectory Buffer Overflow Vulnerability
Document #: 191637

Reported to Lotus by eSecurityOnline

