Lucene search

MitreCVE-2003-0122

HistorySep 01, 2004 - 4:00 a.m.

CVE-2003-0122

2004-09-0104:00:00

mitre

web.nvd.nist.gov

cve-2003-0122

buffer overflow

notes server

remote code execution

dn field

authentication

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.1

Confidence

High

EPSS

0.016

Percentile

87.5%

JSON

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

Affected configurations

Nvd

Node

ibmlotus_dominoMatch4.6.1

ibmlotus_dominoMatch4.6.3

ibmlotus_dominoMatch4.6.4

ibmlotus_dominoMatch5.0

ibmlotus_dominoMatch5.0.1

ibmlotus_dominoMatch5.0.2

ibmlotus_dominoMatch5.0.3

ibmlotus_dominoMatch5.0.4

ibmlotus_dominoMatch5.0.4a

ibmlotus_dominoMatch5.0.5

ibmlotus_dominoMatch5.0.6

ibmlotus_dominoMatch5.0.6a

ibmlotus_dominoMatch5.0.7a

ibmlotus_dominoMatch5.0.8

ibmlotus_dominoMatch5.0.8a

ibmlotus_dominoMatch5.0.9

ibmlotus_dominoMatch5.0.9a

ibmlotus_dominoMatch5.0.10

ibmlotus_dominoMatch5.0.11

ibmlotus_notes_clientMatch5.0

ibmlotus_notes_clientMatch5.0.1

ibmlotus_notes_clientMatch5.0.2

ibmlotus_notes_clientMatch5.0.3

ibmlotus_notes_clientMatch5.0.4

ibmlotus_notes_clientMatch5.0.5

ibmlotus_notes_clientMatch5.0.9a

ibmlotus_notes_clientMatch5.0.10

ibmlotus_notes_clientMatch5.0.11

ibmlotus_notes_clientMatchr5

VendorProductVersionCPE
ibmlotus_domino4.6.1cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*
ibmlotus_domino4.6.3cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*
ibmlotus_domino4.6.4cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*
ibmlotus_domino5.0cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
ibmlotus_domino5.0.1cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
ibmlotus_domino5.0.2cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
ibmlotus_domino5.0.3cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
ibmlotus_domino5.0.4cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*
ibmlotus_domino5.0.4acpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*
ibmlotus_domino5.0.5cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	4.6.1	cpe:2.3:a:ibm:lotus_domino:4.6.1:::::::*
ibm	lotus_domino	4.6.3	cpe:2.3:a:ibm:lotus_domino:4.6.3:::::::*
ibm	lotus_domino	4.6.4	cpe:2.3:a:ibm:lotus_domino:4.6.4:::::::*
ibm	lotus_domino	5.0	cpe:2.3:a:ibm:lotus_domino:5.0:::::::*
ibm	lotus_domino	5.0.1	cpe:2.3:a:ibm:lotus_domino:5.0.1:::::::*
ibm	lotus_domino	5.0.2	cpe:2.3:a:ibm:lotus_domino:5.0.2:::::::*
ibm	lotus_domino	5.0.3	cpe:2.3:a:ibm:lotus_domino:5.0.3:::::::*
ibm	lotus_domino	5.0.4	cpe:2.3:a:ibm:lotus_domino:5.0.4:::::::*
ibm	lotus_domino	5.0.4a	cpe:2.3:a:ibm:lotus_domino:5.0.4a:::::::*
ibm	lotus_domino	5.0.5	cpe:2.3:a:ibm:lotus_domino:5.0.5:::::::*

Rows per page:

1-10 of 291

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html

marc.info/?l=bugtraq&m=104757319829443&w=2

www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101

www.cert.org/advisories/CA-2003-11.html

www.ciac.org/ciac/bulletins/n-065.shtml

www.kb.cert.org/vuls/id/433489

www.rapid7.com/advisories/R7-0010.html

www.securityfocus.com/bid/7037

exchange.xforce.ibmcloud.com/vulnerabilities/11526

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.1

Confidence

High

EPSS

0.016

Percentile

87.5%

JSON

Related for CVE-2003-0122