Lotus Domino bindsock PATH Buffer Overflow Vulnerability

Lotus Domino is a high-performance collection of applications based on messaging, collaboration, scheduling and calendaring. Domino is available on a wide range of platforms, including Linux, Windows, AS/400 and many Unix-based systems.

Lotus Domino for UNIX systems ships with a setuid root utility called 'bindsock'.

This program contains a locally exploitable buffer overflow condition related to handling of the PATH environment variable. It is reportedly possible for a local user to elevate privileges if this vulnerability is successfully exploited.
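
The advisory does not publish the bindsock source, so the following is an added example, not Lotus code: a sketch of how a privileged helper can take PATH into a fixed-size buffer without overflowing it, by rejecting over-long values and falling back to a trusted search path. The names `copy_env_bounded`, `load_path`, `PATH_BUF` and `TRUSTED_PATH`, and the 256-byte buffer size, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256                      /* assumed fixed buffer size */
#define TRUSTED_PATH "/usr/bin:/bin"      /* assumed known-good search path */

/* Copy a NUL-terminated value into dst only if it fits completely.
 * Returns 0 on success, -1 if value is NULL or too long (dst left empty). */
int copy_env_bounded(const char *value, char *dst, size_t dstlen)
{
    const char *end;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL)
        return -1;
    /* Look for the terminator within the first dstlen bytes only. */
    end = memchr(value, '\0', dstlen);
    if (end == NULL)
        return -1;                        /* too long: reject, never truncate */
    memcpy(dst, value, (size_t)(end - value) + 1);
    return 0;
}

/* Returns 0 if the caller's PATH was accepted, 1 if it was rejected and
 * TRUSTED_PATH was used instead, -1 if even the fallback does not fit. */
int load_path(const char *env_path, char *dst, size_t dstlen)
{
    if (copy_env_bounded(env_path, dst, dstlen) == 0)
        return 0;
    return copy_env_bounded(TRUSTED_PATH, dst, dstlen) == 0 ? 1 : -1;
}

int main(void)
{
    char path[PATH_BUF];
    int rc = load_path(getenv("PATH"), path, sizeof path);

    printf("rc=%d path=%s\n", rc, rc < 0 ? "(none)" : path);
    return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Rejecting rather than truncating matters for a search path, because a silently shortened PATH can end in a directory the caller did not intend.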


 

Copyright 2010, SecurityFocus