| Vulnerability Name: | CVE-2010-0358 (CCN-55589) | ||||||||
| Assigned: | 2010-01-13 | ||||||||
| Published: | 2010-01-13 | ||||||||
| Updated: | 2011-04-28 | ||||||||
| Summary: | Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:TF/RC:C)
8.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:TF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-0358 Source: CCN Type: Intevydis blog Lotus Domino 7 (probably 8) LDAP heap overflow Source: MISC Type: UNKNOWN http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html Source: MISC Type: UNKNOWN http://intevydis.com/vd-list.shtml Source: CCN Type: SA38275 IBM Lotus Domino Buffer Overflow Vulnerability Source: CCN Type: SECTRACK ID: 1023456 IBM Lotus Domino Heap Overflow May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1023456 Source: CCN Type: IBM Support and Downloads IBM Lotus Domino LDAP buffer overflow vulnerability advisory Source: CCN Type: IBM Notes/Domino Fix List SPR # KLYH7ZPNC2 fixed in 8.5.2; 7.0.4 FP2; 8.5.1 FP3; 8.0.2 FP5 release Source: CCN Type: IBM Lotus Domino Web site IBM Software - IBM Lotus Domino - Product Overview Source: XF Type: UNKNOWN lotus-domino-ldap-bo(55589) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||