Vulnerability Name:

CVE-2003-0122 (CCN-11526)

Assigned:2003-03-11
Published:2003-03-11
Updated:2017-12-12
Summary:Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: VULNWATCH
Type: Third Party Advisory
20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication

Source: MITRE
Type: CNA
CVE-2003-0122

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication

Source: CONFIRM
Type: Broken Link
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101

Source: CCN
Type: IBM SPR# DBAR5CJJJS
Fixed a potential Denial of Service attack.

Source: CCN
Type: CERT Advisory CA-2003-11
Multiple Vulnerabilities in Lotus Notes and Domino

Source: CERT
Type: Third Party Advisory, US Government Resource
CA-2003-11

Source: CCN
Type: CIAC Information Bulletin N-065
Multiple Vulnerabilities in Lotus Notes and Domino

Source: CIAC
Type: Broken Link
N-065

Source: CCN
Type: US-CERT VU#433489
Lotus Domino Server susceptible to a pre-authentication buffer overflow during Notes authentication

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#433489

Source: CCN
Type: OSVDB ID: 10828
IBM Lotus Notes Server NotesRPC Authentication Long DN Overflow

Source: CCN
Type: Rapid7, Inc. Security Advisory R7-0010
Buffer Overflow in Lotus Notes Protocol Authentication

Source: MISC
Type: Not Applicable
http://www.rapid7.com/advisories/R7-0010.html

Source: BID
Type: Patch, Third Party Advisory, VDB Entry, Vendor Advisory
7037

Source: CCN
Type: BID-7037
IBM Lotus Notes Protocol Authentication Heap Corruption Denial Of Service Vulnerability

Source: CCN
Type: IBM Web site
Downloads

Source: XF
Type: Third Party Advisory, VDB Entry
lotus-nrpc-bo(11526)

Source: XF
Type: UNKNOWN
lotus-nrpc-bo(11526)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm lotus domino 4.6.1
    ibm lotus domino 4.6.3
    ibm lotus domino 4.6.4
    ibm lotus domino 5.0
    ibm lotus domino 5.0.1
    ibm lotus domino 5.0.2
    ibm lotus domino 5.0.3
    ibm lotus domino 5.0.4
    ibm lotus domino 5.0.4a
    ibm lotus domino 5.0.5
    ibm lotus domino 5.0.6
    ibm lotus domino 5.0.6a
    ibm lotus domino 5.0.7a
    ibm lotus domino 5.0.8
    ibm lotus domino 5.0.8a
    ibm lotus domino 5.0.9
    ibm lotus domino 5.0.9a
    ibm lotus domino 5.0.10
    ibm lotus domino 5.0.11
    ibm lotus notes client 5.0
    ibm lotus notes client 5.0.1
    ibm lotus notes client 5.0.2
    ibm lotus notes client 5.0.3
    ibm lotus notes client 5.0.4
    ibm lotus notes client 5.0.5
    ibm lotus notes client 5.0.9a
    ibm lotus notes client 5.0.10
    ibm lotus notes client 5.0.11
    ibm lotus notes client r5
    ibm lotus domino 5.0.8
    ibm lotus domino 5.0.5
    ibm lotus domino 5.0.9
    ibm lotus domino 5.0.9a
    ibm lotus domino 5.0
    ibm lotus domino 4.6.1
    ibm lotus domino 4.6.3
    ibm lotus domino 4.6.4
    ibm lotus domino 5.0.1
    ibm lotus domino 5.0.10
    ibm lotus domino 5.0.11
    ibm lotus domino 5.0.2
    ibm lotus domino 5.0.3
    ibm lotus domino 5.0.4a
    ibm lotus domino 5.0.6
    ibm lotus domino 5.0.6a
    ibm lotus domino 5.0.7a
    ibm lotus domino 5.0.8a
    ibm lotus notes client 5.0
    ibm lotus notes client 5.0.1
    ibm lotus notes client 5.0.10
    ibm lotus notes client 5.0.11
    ibm lotus notes client 5.0.2
    ibm lotus notes client 5.0.3
    ibm lotus notes client 5.0.4
    ibm lotus notes client 5.0.5
    ibm lotus notes client 5.0.9a
    ibm lotus notes client r5