About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...



IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

Category IBM/Lotus

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.

The flaw exists within the nLDAP.exe component, which listens by default on TCP port 389. When handling an LDAP Bind Request packet, the process blindly copies user-supplied data into an undersized shared memory buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
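The class of check whose absence is described above, as an added example (not IBM's code and not part of the original advisory): a BER walk over an LDAP Bind Request that validates every declared length against the packet and against the destination capacity before copying. The advisory does not say which field is copied; the bind name field, the function names and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: LDAPv3 simple bind, name "cn=admin", password "pw". */
static const uint8_t SAMPLE_BIND[] = {
    0x30,0x16, 0x02,0x01,0x01, 0x60,0x11, 0x02,0x01,0x03,
    0x04,0x08, 'c','n','=','a','d','m','i','n', 0x80,0x02,'p','w' };

/* Read one BER tag + definite length at *off. On success *off points at the
   value and *len holds its size; any length overrunning the input fails. */
static int ber_header(const uint8_t *p, size_t n, size_t *off,
                      uint8_t want_tag, size_t *len)
{
    size_t i = *off, l;
    if (i > n || n - i < 2 || p[i] != want_tag) return -1;
    l = p[i + 1];
    i += 2;
    if (l & 0x80) {                      /* long form: next k bytes hold length */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || n - i < k) return -1;  /* no indefinite form */
        for (l = 0; k > 0; k--) l = (l << 8) | p[i++];
    }
    if (l > n - i) return -1;            /* declared length exceeds the data */
    *off = i;
    *len = l;
    return 0;
}

/* Copy the bind name into dst (capacity cap, NUL-terminated).
   Returns the name length, or -1 if malformed or too long for dst. */
long bind_name_copy(const uint8_t *pkt, size_t n, char *dst, size_t cap)
{
    size_t off = 0, len;
    if (ber_header(pkt, n, &off, 0x30, &len)) return -1;  /* LDAPMessage */
    n = off + len;                       /* children stay inside the envelope */
    if (ber_header(pkt, n, &off, 0x02, &len)) return -1;  /* messageID */
    off += len;
    if (ber_header(pkt, n, &off, 0x60, &len)) return -1;  /* BindRequest */
    n = off + len;
    if (ber_header(pkt, n, &off, 0x02, &len)) return -1;  /* version */
    off += len;
    if (ber_header(pkt, n, &off, 0x04, &len)) return -1;  /* name */
    if (cap == 0 || len >= cap) return -1;  /* bound by destination size */
    memcpy(dst, pkt + off, len);
    dst[len] = '\0';
    return (long)len;
}

int main(void)
{
    char name[64];
    long r = bind_name_copy(SAMPLE_BIND, sizeof SAMPLE_BIND, name, sizeof name);
    printf("%ld %s\n", r, r < 0 ? "(rejected)" : name);
    return 0;
}
```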

Vendor Response
IBM states:


Disclosure Timeline
2010-07-20 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory
