IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
BID:13447
Info
IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
| Bugtraq ID: | 13447 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1442 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 29 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Ollie Whitehouse of Symantec is credited with the discovery of this issue. |
| Vulnerable: |
IBM Lotus Notes 6.5.3 IBM Lotus Notes 6.5.2 IBM Lotus Notes 6.5.1 IBM Lotus Notes 6.5 IBM Lotus Notes 6.0.4 IBM Lotus Notes 6.0.3 IBM Lotus Notes 6.0.2 IBM Lotus Notes 6.0.1 IBM Lotus Notes 6.0 |
| Not Vulnerable: |
IBM Lotus Notes 6.5.4 IBM Lotus Notes 6.0.5 |
Discussion
IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
Lotus Notes is affected by a local buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate privilege escalation.
Lotus Notes is affected by a local buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate privilege escalation.
Exploit / POC
IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
Solution:
The vendor has released upgrades dealing with this issue. Users are advised to contact the vendor for more information on obtaining upgraded software. For more information, please see the reference section.
Solution:
The vendor has released upgrades dealing with this issue. Users are advised to contact the vendor for more information on obtaining upgraded software. For more information, please see the reference section.
References
IBM Lotus Notes Local NOTES.INI Buffer Overflow Vulnerability
References:
References: