[VulnWatch] eSecurityOnline Security Advisory 4124 - Lotus Domino bindsock PA TH buffer overflow vulnerability

From: researchteam5@esecurityonline.com
Date: Mon Apr 29 2002 - 17:00:15 EDT

• Next message: researchteam5@esecurityonline.com: "[VulnWatch] eSecurityOnline Security Advisory 4125 - Lotus Domino bindsock ar bitrary file creation vulnerability"
• Previous message: researchteam5@esecurityonline.com: "[VulnWatch] eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

eSO Security Advisory: 4124
Discovery Date: October 15, 2001
ID: eSO:4124
Title: Lotus Domino bindsock PATH buffer overflow
                        vulnerability
Impact: Local attackers can gain root privileges
Affected Technology: Lotus Domino 5.0.4 on Linux, Sun Solaris
                        Lotus Domino 5.0.4a on Linux, Sun Solaris
                        Lotus Domino 5.0.5 on Linux, Sun Solaris
                        Lotus Domino 5.0.6 on Linux, Sun Solaris
                        Lotus Domino 5.0.6a on Linux, Sun Solaris
                        Lotus Domino 5.0.7 on Linux, Sun Solaris
                        Lotus Domino 5.0.7a on Linux, Sun Solaris
                        Lotus Domino 5.0.8 on Linux, Sun Solaris
                        Lotus Domino 5.0.9 on Linux, Sun Solaris
Vendor Status: Patches are available
Discovered By: Kevin Kotas of the eSecurityOnline Research
                        and Development Team
Technical Contributor: Richard Johnson of the eSecurityOnline
                        Research and Development Team
CVE Reference: CAN-2002-0086

Advisory Location:
http://www.eSecurityOnline.com/advisories/eSO4124.asp

Description:
Lotus Domino bindsock is vulnerable to a flaw that can allow a local
attacker to gain root privileges. The problem is due to insufficient
bounds checking with the PATH environment variable. An attacker can
use a PATH that, when processed, will execute arbitrary code.

Technical Recommendation:
Upgrade with the latest version available. Lotus Domino version 5.0.9a
is not vulnerable to the issue.

Vendor Reference:
Technote #191634

Acknowledgements:
eSecurityOnline would like to thank Lotus Security for their cooperation
in resolving the issue.

Copyright 2002 eSecurityOnline LLC. All rights reserved.

THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
THIS VULNERABILITY ALERT.

• Next message: researchteam5@esecurityonline.com: "[VulnWatch] eSecurityOnline Security Advisory 4125 - Lotus Domino bindsock ar bitrary file creation vulnerability"
• Previous message: researchteam5@esecurityonline.com: "[VulnWatch] eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:21:36 EDT