CVE-2006-0121 - Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a d

CVE-2006-0121

Summary

Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.

References

Vulnerable Configurations

cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	16158
confirm	http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT
secunia	18328
vupen	ADV-2006-0081
xf	lotus-ssl-handshake-dos(24223)

Last major update

20-07-2017 - 01:29

Published

09-01-2006 - 11:03

Last modified

20-07-2017 - 01:29