OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: researchteam5esecurityonline.com
Date: Mon Apr 29 2002 - 16:07:35 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    eSO Security Advisory: 4126
    Discovery Date: October 15, 2001
    ID: eSO:4126
    Title: Lotus Domino bindsock Notes_ExecDirectory
                            buffer overflow vulnerability
    Impact: Local attackers can gain root privileges
    Affected Technology: Lotus Domino 5.0.4 on Linux
                            Lotus Domino 5.0.4a on Linux
                            Lotus Domino 5.0.5 on Linux
                            Lotus Domino 5.0.6 on Linux
                            Lotus Domino 5.0.6a on Linux
                            Lotus Domino 5.0.7 on Linux
                            Lotus Domino 5.0.7a on Linux
                            Lotus Domino 5.0.8 on Linux
                            Lotus Domino 5.0.9 on Linux
    Vendor Status: Patches are available
    Discovered By: Kevin Kotas of the eSecurityOnline Research
                            and Development Team
    Technical Contributor: Richard Johnson of the eSecurityOnline
                            Research and Development Team
    CVE Reference: CAN-2002-0086

    Advisory Location:
    http://www.eSecurityOnline.com/advisories/eSO4126.asp

    Description:
    Lotus Domino bindsock is vulnerable to a buffer overflow condition
    that allows a local attacker to gain root privileges. The problem is
    due to insufficient bounds checking for the Notes_ExecDirectory
    environment variable. An attacker can use a string for
    Notes_ExecDirectory that, when processed, will execute arbitrary
    code.

    Technical Recommendation:
    Upgrade with the latest version available. Lotus Domino version
    5.0.9a is not vulnerable to the issue.

    Vendor Reference:
    Technote #191637

    Acknowledgements:
    eSecurityOnline would like to thank Lotus Security for their
    cooperation in resolving the issue.

    Copyright 2002 eSecurityOnline LLC. All rights reserved.

    THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
    ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
    AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
    NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
    CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
    THIS VULNERABILITY ALERT.