IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability

TITLE: IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability
CLASS: Design Error
CVE: CVE-2007-0068

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 12:00AM
CREDIT: The vendor reported this issue.
VULNERABLE:

IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 7.0.1
IBM Lotus Domino 7.0

NOT VULNERABLE:

IBM Lotus Domino 7.0.2 FP2

Vai alla pagina originale su Security Focus

Discussion

IBM Lotus Domino Server is prone to a privilege escalation vulnerability because of a design error.

An attacker can exploit this issue to gain administrative access to the database server.

IBM Lotus Domino versions prior to 7.0.2 Fix Pack 2 (FP2) are vulnerable to this issue.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

Solution

Solution:
The vendor has released version 7.0.2 Fix Pack 2 to address this issue. Please contact the vendor to obtain fixes.

References

References:

• IBM (IBM)
  
• Lotus Domino Product Homepage (IBM)
  
• swg21258784 - Vulnerability in agent signature verification which may result in (IBM)
  

PhpLog