SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   IBM iNotes and Domino Vendors:   IBM
Lotus Domino 'bindsock' PATH Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges on the System
SecurityTracker Alert ID:  1003838
SecurityTracker URL:  http://securitytracker.com/id/1003838
CVE Reference:   CVE-2002-0086   (Links to External Site)
Date:  Mar 17 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0.9 and prior versions
Description:   A buffer overflow vulnerability was reported in Lotus Domino. A local user can execute arbitrary code to gain root access on the system.

A buffer overflow has been reported in Lotus Domino bindsock. A local user can reportedly supply a long PATH environment variable to trigger the overflow and cause arbitrary code to be executed on the system with root level privileges.

Impact:   A local user can execute arbitrary code on the system with root level privileges to gain root level access on the system.
Solution:   The vendor has released a fixed version (5.0.9a).
Vendor URL:  www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=D52DF997ABFFFC8385256B7D0062AD5C (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Lotus Domino PATH Buffer Overflow Vulnerability


Lotus Domino PATH Buffer Overflow Vulnerability

Technotes


Number:  191634


Problem 

Lotus Domino on UNIX platforms is vulnerable to a flaw that can allow a
local attacker to gain root privileges. The problem is due to
insufficient bounds checking with the PATH environment variable. An
attacker can use a PATH that, when processed, will execute arbitrary
code.

Solution 

This issue was reported to Lotus Software Quality Engineering and has
been addressed in Domino 5.0.9a. Upgrade to R5.0.9a to resolve the
problem.

Excerpt from the Lotus Notes and Lotus Domino Release 5.0.9a MU
(available from http://www.notes.net ): 

     Networking & Dialup - TCP 
          SPR# KSPR54W2J6 - Fixed a potential security issue. 


Supporting Information 


Related Documents 
Lotus Domino Arbitrary File Creation Vulnerability
Document #: 191636  
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=93B3ED336951525385256B7D006A3CE3

Lotus Domino Notes_ExecDirectory Buffer Overflow Vulnerability
Document #: 191637  
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=92579CFD6F92B39A85256B7D006AC89B

Reported to Lotus by eSecurityOnline -->
http://www.esecurityonline.com/advisories/eSO4124.asp


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC