Lotus Domino Notes_ExecDirectory Buffer Overflow Vulnerability

Lotus Domino is a high performance collection of applications based on
messaging, collaboration, scheduling and calendaring. Domino is available
on a wide range of platforms, including Linux, Windows, AS/400 and many
Unix based systems.

Lotus Domino for UNIX systems ships with a setuid root utility called 'bindsock'.

This program is prone to a locally exploitable buffer overflow. This is due to insufficient bounds checking of the Notes_ExecDirectory environment variable, and may allow an attacker to execute arbitrary instructions. This may potentially be exploited to gain root privileges on a host running the vulnerable software.


Privacy Statement
Copyright 2010, SecurityFocus