Vulnerability Name:

CVE-2005-2712 (CCN-24634)

Assigned:2005-12-31
Published:2005-12-31
Updated:2017-07-11
Summary:The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-2712

Source: CCN
Type: SECTRACK ID: 1015611
IBM Lotus Domino/Notes `nldap.exe` Bug Lets Remote Users Deny Service

Source: SECTRACK
Type: Patch
1015611

Source: CCN
Type: Lotus Support Services Technote 1229907
Potential Denial of Service Vulnerability in Domino LDAP Server Task

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907

Source: CCN
Type: IBM Software Support Web site
Lotus Support

Source: IDEFENSE
Type: Vendor Advisory
20060213 IBM Lotus Domino Server LDAP DoS Vulnerability

Source: CCN
Type: OSVDB ID: 23121
IBM Lotus Domino Server nldap.exe Long String NULL Dererence DoS

Source: BID
Type: UNKNOWN
16523

Source: CCN
Type: BID-16523
Lotus Domino LDAP Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0526

Source: XF
Type: UNKNOWN
domino-ldap-bind-dos(24634)

Source: XF
Type: UNKNOWN
domino-ldap-bind-dos(24634)

Source: CCN
Type: iDEFENSE Security Advisory 02.10.06
IBM Lotus Domino Server LDAP DoS Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:::professional:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm lotus domino 6.0
    ibm lotus domino 6.0.1
    ibm lotus domino 6.0.1.1
    ibm lotus domino 6.0.1.2
    ibm lotus domino 6.0.1.3
    ibm lotus domino 6.0.2.1
    ibm lotus domino 6.0.2.2
    ibm lotus domino 6.0.3
    ibm lotus domino 6.0.4
    ibm lotus domino 6.0.5
    ibm lotus domino 6.5
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.2.1
    ibm lotus domino 6.5.3
    ibm lotus domino 6.5.3.1
    ibm lotus domino 6.5.4
    ibm lotus domino 7.0
    ibm lotus domino 6.0
    ibm lotus domino 6.0.1
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.4
    ibm lotus domino 6.0.2.2
    ibm lotus domino 6.0.3
    ibm lotus domino 6.0.2.1
    ibm lotus domino 6.5.3
    ibm lotus domino 6.5.2.1
    ibm lotus domino 6.0.1.3
    ibm lotus domino 6.5.3.1
    ibm lotus domino 6.5
    ibm lotus domino 6.0.1.2
    ibm lotus domino 6.0.4
    ibm lotus domino 6.0.1.1
    ibm lotus domino 6.0.5
    ibm lotus domino 7.0
    microsoft windows xp