CVE-2006-5835

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/22741	Patch Vendor Advisory
http://securitytracker.com/id?1017203
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026	Patch
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf	Exploit Vendor Advisory
http://www.securityfocus.com/bid/20960
http://www.vupen.com/english/advisories/2006/4411
https://exchange.xforce.ibmcloud.com/vulnerabilities/30118

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0.1:::::::*

History

No history.

Information

Published : 2006-11-10 01:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5835

Mitre link : CVE-2006-5835

CVE.ORG link : CVE-2006-5835

JSON object : View

Products Affected

ibm

lotus_notes

CWE

NVD-CWE-Other

{"id": "CVE-2006-5835", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-10T01:07:00.000", "references": [{"url": "http://secunia.com/advisories/22741", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017203", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20960", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4411", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file."}, {"lang": "es", "value": "El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticaci\u00f3n para realizar b\u00fasqueda de usuarios, lo que permite a atacantes remotos la obtenci\u00f3n de los ficheros de identificaci\u00f3n (ID) de los usuarios."}], "lastModified": "2017-07-20T01:34:01.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D4B2601-B62F-4235-BFFD-281235737450"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "273DF27B-9441-4925-BD7E-5709D7D059EE"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D037CC-1207-48E2-882E-8B236EE7138F"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5059BEF2-84EB-4B5F-84F5-9E3200B068F3"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB71B7AA-957B-46A6-9BC9-CE23EC721189"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46CF28C0-51AD-4783-B1F0-205DF64D133A"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0015A2-A70E-4B0C-B59A-44F5F611293D"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C63D40DF-C6F3-4502-9816-939265F10532"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94646433-DE15-4214-9C78-7D1DAB5A12D9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}