[NEWS] IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 4 Apr 2007 16:47:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow
Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www-142.ibm.com/software/sw-lotus/domino> IBM Lotus Domino
Server software "provides messaging, calendaring and scheduling
capabilities on a variety of operating systems".
Remote exploitation of a heap overflow vulnerability in the LDAP component
of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to
cause denial of service or execute arbitrary code.
DETAILS
Vulnerable Systems:
* Directory Service (LDAP) component of Lotus Domino Server versions
7.0.1 and 7.0.1.1.
When a malformed request is made to the LDAP component of a Lotus Domino
Enterprise Server, a heap overflow can be triggered. The vulnerability
specifically exists in the handling of strings larger than 65535 bytes.
When a string longer than this value is encountered, the service allocates
memory using only the lower 16 bits of the string length. Since the entire
string is subsequently copied into the newly allocated buffer, a
heap overflow occurs.
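The sizing flaw described above, next to a bounds-checked copy, as an added example that is not IBM's code or part of the original advisory. The helper names and the MAX_STR_LEN limit are assumptions made for illustration, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN 65535u /* assumed limit for this sketch */

/* Flawed sizing described in the advisory: only the lower 16 bits of
 * the string length reach the allocator (hypothetical helper name). */
static size_t truncated_alloc_size(size_t len)
{
    return (uint16_t)len; /* 65536 -> 0, 70000 -> 4464 */
}

/* Bytes a full-length copy would write past the undersized buffer. */
static size_t overflow_bytes(size_t len)
{
    return len - truncated_alloc_size(len);
}

/* Hardened copy: the length stays a size_t from check to memcpy, and
 * oversized input is rejected before any allocation happens. */
static char *dup_string_checked(const char *src, size_t len)
{
    char *buf;

    if (src == NULL || len > MAX_STR_LEN)
        return NULL;
    buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    size_t len = 70000; /* constructed sample length above 65535 */
    char *copy = dup_string_checked("cn=constructed", 14);

    printf("len=%zu alloc=%zu overflow=%zu\n", len,
           truncated_alloc_size(len), overflow_bytes(len));
    printf("checked copy: %s\n", copy ? copy : "(rejected)");
    free(copy);
    return 0;
}
```

The mismatch is between the width of the value used to size the buffer and the width of the value used to bound the copy; keeping both in size_t and rejecting oversized input before allocation removes it.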
Exploitation of this vulnerability allows attackers to crash the LDAP
service or potentially execute arbitrary code on the affected host.
In order to attempt exploitation, attackers must be able to connect to the
LDAP service.
Although the service does not run as root, it does run as the same user as
many other components of the Lotus Domino Server. Because of this, an
attacker may gain access to sensitive information or be able to
maliciously subvert the server in other ways.
Vendor Status:
IBM Lotus has addressed this vulnerability in the 6.5.6 and 7.0.2 FP1
releases of Domino. For more information consult
<http://www-1.ibm.com/support/docview.wss?uid=swg21257248> IBM Technote
swg21257248.
Disclosure Timeline:
* 10/09/2006 - Initial vendor notification
* 10/10/2006 - Initial vendor response
* 03/28/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494>