Advisories Blog | G5 Cyber Security

iDEFENSE Security Advisory 2007-03-28.2

iDefense Security Advisory 03.28.07 – Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.’s Lotus Domino Server 7.0.1 may allow a remote attacker to cause a denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16 bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and 7.0.1.1 of the Directory Service (LDAP) component of Lotus Domino Server.
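The length-truncation pattern the advisory describes, next to a hardened copy routine, as an added example that is not taken from the advisory or from IBM's code. All function names are hypothetical, the 65535-byte cap is an assumed policy limit, and the flawed path is only computed, never executed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN 65535u /* assumed policy limit for this example */

/* Flawed sizing: only the low 16 bits of the length reach the allocator. */
size_t truncated_alloc_size(size_t len) {
    return (size_t)(uint16_t)len;
}

/* Bytes a full-length copy would write past a buffer sized as above. */
size_t overflow_bytes(size_t len) {
    size_t alloc = truncated_alloc_size(len);
    return len > alloc ? len - alloc : 0;
}

/* Hardened form: the same full-width length drives the bounds check,
 * the allocation and the copy; over-long input is rejected outright. */
unsigned char *copy_string_checked(const unsigned char *src, size_t len,
                                   size_t *out_len) {
    if (src == NULL || out_len == NULL || len > MAX_STR_LEN)
        return NULL;
    unsigned char *buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    *out_len = len;
    return buf;
}

int main(void) {
    size_t claimed = 65536u + 10u; /* constructed sample length */
    printf("claimed=%zu allocated=%zu written past end=%zu\n", claimed,
           truncated_alloc_size(claimed), overflow_bytes(claimed));

    static unsigned char big[65536u + 10u]; /* constructed over-long input */
    size_t n = 0;
    unsigned char *p = copy_string_checked(big, sizeof big, &n);
    printf("hardened copy of over-long input: %s\n",
           p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```
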

 

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/55458/03.28.07-2.txt

Source: https://packetstormsecurity.com/files/55458/iDEFENSE-Security-Advisory-2007-03-28.2.html
