IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
BID:20967
Info
IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
| Bugtraq ID: | 20967 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Nov 13 2006 07:26PM |
| Credit: | Andrew Christensen of FortConsult ApS is credited with discovering these issues. |
| Vulnerable: |
IBM Lotus Domino 7.0.1 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5.5 FP1 IBM Lotus Domino 6.5.5 IBM Lotus Domino 6.5.4 FP 2 IBM Lotus Domino 6.5.4 FP 1 IBM Lotus Domino 6.5.4 IBM Lotus Domino 6.5.3 IBM Lotus Domino 6.5.2 IBM Lotus Domino 6.5.1 IBM Lotus Domino 6.5 .0 IBM Lotus Domino 6.0.5 IBM Lotus Domino 6.0.4 IBM Lotus Domino 6.0.4 IBM Lotus Domino 6.0.3 IBM Lotus Domino 6.0.2 CF2 IBM Lotus Domino 6.0.2 IBM Lotus Domino 6.0.1 IBM Lotus Domino 6.0 IBM Lotus Domino 5.0.13 |
| Not Vulnerable: |
IBM Lotus Domino 7.0.2 IBM Lotus Domino 6.5.5 FP2 |
Discussion
IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
IBM Lotus Domino is prone to multiple local privilege-escalation vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
A local attacker can exploit these issues to gain superuser privileges. A successful exploit would lead to the complete compromise of affected computers.
IBM Lotus Domino versions prior to 6.5.5 Fix Pack 2 and 7.0.2 are vulnerable to these issues.
IBM Lotus Domino is prone to multiple local privilege-escalation vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
A local attacker can exploit these issues to gain superuser privileges. A successful exploit would lead to the complete compromise of affected computers.
IBM Lotus Domino versions prior to 6.5.5 Fix Pack 2 and 7.0.2 are vulnerable to these issues.
Exploit / POC
IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
Solution:
IBM has released an advisory along with fixes to address these issues. Please see the referenced advisory for more information on obtaining and applying fixes.
Solution:
IBM has released an advisory along with fixes to address these issues. Please see the referenced advisory for more information on obtaining and applying fixes.
References
IBM Lotus Domino Multiple TuneKrnl Local Privilege Escalation Vulnerabilities
References:
References: