OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: researchteam5esecurityonline.com
Date: Mon Apr 29 2002 - 16:00:15 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    eSO Security Advisory: 4124
    Discovery Date: October 15, 2001
    ID: eSO:4124
    Title: Lotus Domino bindsock PATH buffer overflow
                            vulnerability
    Impact: Local attackers can gain root privileges
    Affected Technology: Lotus Domino 5.0.4 on Linux, Sun Solaris
                            Lotus Domino 5.0.4a on Linux, Sun Solaris
                            Lotus Domino 5.0.5 on Linux, Sun Solaris
                            Lotus Domino 5.0.6 on Linux, Sun Solaris
                            Lotus Domino 5.0.6a on Linux, Sun Solaris
                            Lotus Domino 5.0.7 on Linux, Sun Solaris
                            Lotus Domino 5.0.7a on Linux, Sun Solaris
                            Lotus Domino 5.0.8 on Linux, Sun Solaris
                            Lotus Domino 5.0.9 on Linux, Sun Solaris
    Vendor Status: Patches are available
    Discovered By: Kevin Kotas of the eSecurityOnline Research
                            and Development Team
    Technical Contributor: Richard Johnson of the eSecurityOnline
                            Research and Development Team
    CVE Reference: CAN-2002-0086

    Advisory Location:
    http://www.eSecurityOnline.com/advisories/eSO4124.asp

    Description:
    Lotus Domino bindsock is vulnerable to a flaw that can allow a local
    attacker to gain root privileges. The problem is due to insufficient
    bounds checking with the PATH environment variable. An attacker can
    use a PATH that, when processed, will execute arbitrary code.

    Technical Recommendation:
    Upgrade with the latest version available. Lotus Domino version 5.0.9a
    is not vulnerable to the issue.

    Vendor Reference:
    Technote #191634

    Acknowledgements:
    eSecurityOnline would like to thank Lotus Security for their cooperation
    in resolving the issue.

    Copyright 2002 eSecurityOnline LLC. All rights reserved.

    THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
    ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
    AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
    NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
    CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
    THIS VULNERABILITY ALERT.