J-Security Center

Title: Lotus Domino bindsock PATH Buffer Overflow Vulnerability

Severity: MODERATE

Description:

Lotus Domino is a high-performance collection of applications based on messaging, collaboration, scheduling and calendaring. Domino is available on a wide range of platforms, including Linux, Windows, AS/400 and many Unix-based systems.

Lotus Domino for UNIX systems ships with a setuid root utility called 'bindsock'.

This program contains a locally exploitable buffer overflow condition related to handling of the 'PATH' environment variable. It is reportedly possible for a local user to elevate privileges if this vulnerability is successfully exploited.

The cause of this vulnerability is an unbounded string copy operation. When the program is invoked, the value of the 'PATH' environment variable is copied into a local buffer. If the number of characters in this string exceeds the size of the destination buffer, the excess data will overwrite neighbouring memory on the stack. It may be possible for an attacker to corrupt the function stack frame so that arbitrary code is executed when the procedure returns. Because the program is setuid, the attacker-supplied code would be executed with the effective userid of the file owner.

Successful exploitation may result in a compromise of root privileges on the target host.
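
The unbounded copy described above, contrasted with a length-checked copy, as an added example. This is not Lotus Domino's code: the buffer size `PATH_BUF` and the function name `copy_env_bounded` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256  /* assumed size; the advisory does not state the real one */

/* The flawed pattern the advisory describes (shown for contrast, never called):
 *     char buf[PATH_BUF];
 *     strcpy(buf, getenv("PATH"));   // no length check on user-controlled data
 */

/* Copy src into dst only if it fits, terminating NUL included.
 * Returns 0 on success, -1 if src is NULL or too long for dst.
 * Rejecting instead of truncating avoids silently running a privileged
 * program with a search path different from the one supplied. */
int copy_env_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';                 /* dst is always a valid empty string on failure */
    if (src == NULL)
        return -1;
    n = strlen(src);
    if (n >= dstlen)               /* needs n + 1 bytes for the NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];

    /* A setuid program should fail closed when its environment is unusable. */
    if (copy_env_bounded(buf, sizeof buf, getenv("PATH")) != 0) {
        fprintf(stderr, "PATH missing or too long, refusing to continue\n");
        return 1;
    }
    printf("PATH accepted (%zu bytes)\n", strlen(buf));
    return 0;
}
```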

Affected Products:

  • Lotus Domino 5.0.0
  • Lotus Domino 5.0.1
  • Lotus Domino 5.0.2
  • Lotus Domino 5.0.3
  • Lotus Domino 5.0.4
  • Lotus Domino 5.0.4 a
  • Lotus Domino 5.0.5
  • Lotus Domino 5.0.5 -french
  • Lotus Domino 5.0.6
  • Lotus Domino 5.0.6 a
  • Lotus Domino 5.0.7
  • Lotus Domino 5.0.7 a
  • Lotus Domino 5.0.8
  • Lotus Domino 5.0.8 -french
  • Lotus Domino 5.0.9
