IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities
12 Nov. 2006
Summary
IBM Lotus Domino is "a software suite designed to facilitate collaboration between co-workers". Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root.
Vulnerable Systems:
* IBM Lotus Domino version 7.0.1.1 (Linux)
The 'tunekrnl' binary is used to set Linux /proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Because the length of input is not properly validated when it is copied to fixed-size buffers, buffer overflows can occur.
Analysis:
Exploitation could allow local attackers to elevate their privileges to those of the 'root' account. On most modern systems, this means that attackers would gain complete control over the target system.
Workaround:
To prevent exploitation, rename or delete the /etc/SuSE-release or /etc/redhat-release file. The 'tunekrnl' binary's vulnerable code is not executed if this file does not exist. Also, removing the set-user-id bit from the 'tunekrnl' binary prevents privilege escalation. However, this may require running the utility as root manually to increase system resource limits as needed.
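
The following shell functions are an added example, not part of the original advisory or of IBM's software. They report which of the two workarounds above is in effect for a given copy of 'tunekrnl'. The binary's path is supplied by the caller because the advisory gives no install path, and the function names and the optional ROOT prefix (used only to test the /etc lookups) are assumptions.

```shell
#!/bin/sh
# Added example: check a host against the two workarounds in this advisory.
# Assumptions: the caller passes the tunekrnl path; ROOT is an optional
# directory prefix so the /etc checks can be exercised in a scratch tree.

# Succeeds if one of the release files named in the advisory exists under ROOT.
release_file_present() {
    root=${1:-}
    [ -e "$root/etc/SuSE-release" ] || [ -e "$root/etc/redhat-release" ]
}

# Succeeds if FILE is a regular file with the set-user-id bit on.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Prints the numeric owner uid of FILE (third field of `ls -ln`).
owner_uid() {
    ls -ln -- "$1" | awk '{print $3}'
}

# Prints one status word for BIN:
#   missing     BIN is not a regular file
#   no-setuid   set-user-id bit is off (second workaround applied)
#   no-release  bit is on, but neither release file exists (first workaround applied)
#   not-root    bit is on and a release file exists, but the owner is not uid 0
#   exposed     setuid, owned by root, release file present (the shipped state)
tunekrnl_status() {
    bin=$1
    root=${2:-}
    [ -f "$bin" ] || { echo missing; return; }
    has_setuid_bit "$bin" || { echo no-setuid; return; }
    release_file_present "$root" || { echo no-release; return; }
    [ "$(owner_uid "$bin")" = 0 ] || { echo not-root; return; }
    echo exposed
}
```

Source the file and call `tunekrnl_status` with the path to the installed binary; any result other than `exposed` means at least one of the conditions described above is not met.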