VID | 12080 |
Severity | 30 |
Port | 389 |
Protocol | TCP |
Class | LDAP |
Detailed Description |
The Lotus Domino LDAP server in versions prior to 7.0.1 is vulnerable to a denial of service. IBM Lotus Notes/Domino versions prior to 6.5.4 FP2 and 6.5.5, and versions 7.x prior to 7.0.1, are vulnerable to a denial of service attack caused by a NULL pointer dereference in the LDAP (Lightweight Directory Access Protocol) service. By sending a specially crafted bind request with a long string to TCP port 389, a remote attacker could crash an affected LDAP service (nldap.exe).
* References:
  * http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907
  * http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389
  * http://www.frsirt.com/english/advisories/2006/0526
  * http://securitytracker.com/id?1015611
* Platforms Affected:
  * IBM Lotus Notes/Domino versions prior to 6.5.4 FP2 and 6.5.5
  * IBM Lotus Notes/Domino versions 7.x prior to 7.0.1
  * Any operating system
  * Any version |
Recommendation |
Upgrade to the latest version of Notes/Domino (Domino 6.5.4 FP2, Domino 6.5.5, Domino 7.0.1 or later), available from the IBM Upgrade Central site at http://www.ibm.com/software/lotus/support/upgradecentral/index.html |
Related URL | CVE-2005-2712 (CVE) |
Related URL | 16523 (SecurityFocus) |
Related URL | 24634 (ISS) |