[NEWS] Lotus Domino Bindsock PATH Buffer Overflow Vulnerability

From: support@securiteam.com
Date: 04/30/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 30 Apr 2002 22:27:57 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Lotus Domino Bindsock PATH Buffer Overflow Vulnerability
------------------------------------------------------------------------

SUMMARY

Lotus Domino bindsock is vulnerable to a flaw that can allow a local
attacker to gain root privileges. The problem is due to insufficient
bounds checking with the PATH environment variable. An attacker can use a
PATH that, when processed, will execute arbitrary code.

DETAILS

Vulnerable systems:
 * Lotus Domino 5.0.4 on Linux, Sun Solaris
 * Lotus Domino 5.0.4a on Linux, Sun Solaris
 * Lotus Domino 5.0.5 on Linux, Sun Solaris
 * Lotus Domino 5.0.6 on Linux, Sun Solaris
 * Lotus Domino 5.0.6a on Linux, Sun Solaris
 * Lotus Domino 5.0.7 on Linux, Sun Solaris
 * Lotus Domino 5.0.7a on Linux, Sun Solaris
 * Lotus Domino 5.0.8 on Linux, Sun Solaris
 * Lotus Domino 5.0.9 on Linux, Sun Solaris

Immune systems:
 * Lotus Domino 5.0.9a on Linux, Sun Solaris

Technical Recommendation:
Upgrade with the latest version available. Lotus Domino version 5.0.9a is
not vulnerable to the issue.

ADDITIONAL INFORMATION

The information has been provided by
<mailto:researchteam5@esecurityonline.com> researchteam5.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NEWS] Lotus Domino Bindsock Arbitrary File Creation Vulnerability
    ... Lotus Domino for Solaris is vulnerable to a flaw that allows a local ... attacker to create arbitrary files. ... * Lotus Domino version 5.0.9a on Sun Solaris ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NEWS] Lotus Domino Bindsock Notes_ExecDirectory Buffer Overflow Vulnerability
    ... * Lotus Domino 5.0.4 on Linux ... * Lotus Domino 5.0.4a on Linux ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • Strange permissions problem
    ... We have a redhat 9 linux system that has been used as a file and ... applications server for a cluster of Sun Solaris 9 systems. ... linux box. ...
    (alt.linux)
  • Re: Only execute bit - no copy
    ... > able to execute the program, but not allow it to be copied. ... > Now this works as intended on our sun solaris, HP-UX and IRIX systems, but ... > on Linux I can still copy the program. ... [igmar@wrkst igmar]$ mount ...
    (comp.unix.admin)
  • Re: Why recruiters are scum
    ... Skills in Linux (Sun Solaris ideally)" ... I expect last week they were selling kitchens. ...
    (uk.misc)