Vulnerability Name:

CVE-2006-0121 (CCN-24223)

Assigned:2006-01-03
Published:2006-01-03
Updated:2017-07-20
Summary:Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors.
Note: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2006-0121

Source: CCN
Type: SA18328
IBM Lotus Domino/Notes Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18328

Source: CCN
Type: IBM Support and Downloads
Fix List for Lotus Notes and Lotus Domino Release 6.5.5 Maintenance Release (MR)

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=swg27007054

Source: CCN
Type: Notes/Domino Fix List
SPR # MKIN67MQVW fixed in 6.5.5; 6.5.4 FP1 release

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT

Source: CCN
Type: OSVDB ID: 22431
IBM Lotus Domino SSL Handshake Memory Leak Remote DoS

Source: CCN
Type: OSVDB ID: 22432
IBM Lotus Domino SSL Handshake Stash File Management Memory Leak Remote DoS

Source: BID
Type: Patch
16158

Source: CCN
Type: BID-16158
IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-0081

Source: XF
Type: UNKNOWN
lotus-ssl-handshake-dos(24223)

Source: XF
Type: UNKNOWN
lotus-ssl-handshake-dos(24223)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm lotus domino 6.5.0
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.3
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.4
    ibm lotus domino enterprise server 6.5.2
    ibm lotus domino enterprise server 6.5.4
    ibm lotus notes 6.5
    ibm lotus notes 6.5.1
    ibm lotus notes 6.5.2
    ibm lotus notes 6.5.3
    ibm lotus notes 6.5.4
    ibm lotus notes 6.5
    ibm lotus domino 6.5.0
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.3
    ibm lotus notes 6.5.3
    ibm lotus notes 6.5.2
    ibm lotus notes 6.5.1
    ibm lotus notes 6.5.4
    ibm lotus domino 6.5.4.1
    ibm lotus domino 6.5.4.2
    ibm lotus domino enterprise server 6.5.2
    ibm lotus domino enterprise server 6.5.4