Saturday, February 19, 2011

IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

I am quite interested in Lotus Domino security, I think it makes an interesting platform for attacking for several reasons. It is a fully packed solution for enterprises (email, collaboration platform and custom application platform) and I don't believe the product has even really been scrutinized from a security pespective.

A remote code execution exploit is now available for the LDAP service, which is enabled by default :s The source of an exploit can be found here.

No comments: