Lucene search

[email protected]CVE-2003-0122

HistorySep 01, 2004 - 4:00 a.m.

CVE-2003-0122

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0122

buffer overflow

notes server

remote code execution

dn field

authentication

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.1 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

Affected configurations

NVD

Node

ibmlotus_dominoMatch4.6.1

ibmlotus_dominoMatch4.6.3

ibmlotus_dominoMatch4.6.4

ibmlotus_dominoMatch5.0

ibmlotus_dominoMatch5.0.1

ibmlotus_dominoMatch5.0.2

ibmlotus_dominoMatch5.0.3

ibmlotus_dominoMatch5.0.4

ibmlotus_dominoMatch5.0.4a

ibmlotus_dominoMatch5.0.5

ibmlotus_dominoMatch5.0.6

ibmlotus_dominoMatch5.0.6a

ibmlotus_dominoMatch5.0.7a

ibmlotus_dominoMatch5.0.8

ibmlotus_dominoMatch5.0.8a

ibmlotus_dominoMatch5.0.9

ibmlotus_dominoMatch5.0.9a

ibmlotus_dominoMatch5.0.10

ibmlotus_dominoMatch5.0.11

ibmlotus_notes_clientMatch5.0

ibmlotus_notes_clientMatch5.0.1

ibmlotus_notes_clientMatch5.0.2

ibmlotus_notes_clientMatch5.0.3

ibmlotus_notes_clientMatch5.0.4

ibmlotus_notes_clientMatch5.0.5

ibmlotus_notes_clientMatch5.0.9a

ibmlotus_notes_clientMatch5.0.10

ibmlotus_notes_clientMatch5.0.11

ibmlotus_notes_clientMatchr5

CPENameOperatorVersion
ibm:lotus_dominoibm lotus dominoeq4.6.1
ibm:lotus_dominoibm lotus dominoeq4.6.3
ibm:lotus_dominoibm lotus dominoeq4.6.4
ibm:lotus_dominoibm lotus dominoeq5.0
ibm:lotus_dominoibm lotus dominoeq5.0.1
ibm:lotus_dominoibm lotus dominoeq5.0.2
ibm:lotus_dominoibm lotus dominoeq5.0.3
ibm:lotus_dominoibm lotus dominoeq5.0.4
ibm:lotus_dominoibm lotus dominoeq5.0.4a
ibm:lotus_dominoibm lotus dominoeq5.0.5

CPE	Name	Operator	Version
ibm:lotus_domino	ibm lotus domino	eq	4.6.1
ibm:lotus_domino	ibm lotus domino	eq	4.6.3
ibm:lotus_domino	ibm lotus domino	eq	4.6.4
ibm:lotus_domino	ibm lotus domino	eq	5.0
ibm:lotus_domino	ibm lotus domino	eq	5.0.1
ibm:lotus_domino	ibm lotus domino	eq	5.0.2
ibm:lotus_domino	ibm lotus domino	eq	5.0.3
ibm:lotus_domino	ibm lotus domino	eq	5.0.4
ibm:lotus_domino	ibm lotus domino	eq	5.0.4a
ibm:lotus_domino	ibm lotus domino	eq	5.0.5

Rows per page:

1-10 of 291

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html

marc.info/?l=bugtraq&m=104757319829443&w=2

www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101

www.cert.org/advisories/CA-2003-11.html

www.ciac.org/ciac/bulletins/n-065.shtml

www.kb.cert.org/vuls/id/433489

www.rapid7.com/advisories/R7-0010.html

www.securityfocus.com/bid/7037

exchange.xforce.ibmcloud.com/vulnerabilities/11526

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.1 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2003-0122

cvelist1 nvd1 securityvulns1