Saturday, July 30, 2011

Lotus Domino 7 (probably 8) LDAP heap

Intevydis Alert ID: 1023456
Intevydis URL: http://securitytracker.com/id/1023456
Updated: Jan 29 2010
Original Entry Date: Jan 14 2010
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): Domino 7.x, possibly 8.x
Description: A vulnerability was reported in IBM Lotus Domino. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted LDAP data to trigger a heap overflow and potentially execute arbitrary code on the target system. The code will run with the privileges of the target service.

Evgeny Legerov from Intevydis reported this vulnerability.