IBM Lotus Domino SMTP Server Malformed Meeting Request (vCal) DoS

critical Nessus Plugin ID 21778

Synopsis

The remote SMTP server is susceptible to a denial of service attack.

Description

The remote host is running Lotus Domino, a messaging and collaboration application suite.

According to the version number in its banner, the SMTP server bundled with Lotus Domino on the remote host reportedly suffers from a denial of service flaw. Specifically, the routing server consumes 100% of the CPU when attempting to process a malformed 'vcal' meeting request. An unauthenticated attacker may be able to leverage this issue to deny service to legitimate users.

IBM has also identified several other vulnerabilities that affect this version.

Solution

Upgrade to Lotus Domino 6.5.4 FP1, 6.5.5 or 7.0 or later.

See Also

http://www.securityfocus.com/advisories/10761

http://www.nessus.org/u?2f258473

Plugin Details

Severity: Critical

ID: 21778

File Name: domino_smtp_vcal_dos.nasl

Version: 1.18

Type: remote

Published: 6/29/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/26/2006

Reference Information

CVE: CVE-2006-0119

BID: 18020