| VID |
22197 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Lotus Domino Web server, according to its version number, has multiple vulnerabilities in its LDAP handling code. LDAP (Lightweight Directory Access Protocol) is a client-server protocol for retrieving and managing directory information. The LDAP implementation in Lotus Domino Server has multiple buffer overflows in the code that processes LDAP requests. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite, developed by the PROTOS project. One or more of these vulnerabilities allows a remote attacker to execute arbitrary code with the privileges of the Domino server or cause the server to crash.
* Note: This check relies solely on the version number of the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.cert.org/advisories/CA-2003-11.html http://www.kb.cert.org/vuls/id/583184 http://www.rapid7.com/advisories/R7-0012.html
* Platforms Affected: Lotus Domino R5 5.0.x |
| Recommendation |
Upgrade to a fixed version (R5.0.7a, R6 Gold, and 6.0.1) or the latest version (R6.0.1 or later) of Lotus Domino Server. |
| Related URL |
CVE-2001-1311 (CVE) |
| Related URL |
7039 (SecurityFocus) |
| Related URL |
6895 (ISS) |
|