BID:23174

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

Info

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

Bugtraq ID:	23174
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 27 2007 12:00AM
Updated:	Mar 28 2007 10:43PM
Credit:	This issue was discovered by an anonymous researcher working with iDefense.
Vulnerable:	IBM Lotus Domino 7.0.2 IBM Lotus Domino 7.0.1 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5.5 FP2 IBM Lotus Domino 6.5.5 FP1 IBM Lotus Domino 6.5.5 IBM Lotus Domino 6.5.4 FP 2 IBM Lotus Domino 6.5.4 FP 1 IBM Lotus Domino 6.5.4 IBM Lotus Domino 6.5.3 IBM Lotus Domino 6.5.2 IBM Lotus Domino 6.5.1 IBM Lotus Domino 6.5 .0

Not Vulnerable:	IBM Lotus Domino 7.0.2 FP1 IBM Lotus Domino 6.5.6

Discussion

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

IBM Lotus Domino Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Exploit / POC

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

Solution:
The vendor has released fixes for this issue. Please see the referenced advisory for more information.

References

IBM Lotus Domino LDAP Server Task Heap-Based Buffer Overflow Vulnerability

References: