Sign-up

ID

VAR-200412-0455


CVE

CVE-2004-2348


TITLE

Lotus Domino of Sybari AntiGen Service denial vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-980

DESCRIPTION

Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm. Sybari AntiGen For Lotus Domino has been reported prone to a remote denial of service vulnerability. The issue presents itself when a malicious encrypted ZIP archive is encountered. This will result in a denial of service to the affected Sybari AntiGen virus detection software. Although unconfirmed, it is conjectured that subsequent to the denial of service attack malicious programs may not be detected by Sybari AntiGen. The Sybari AntiGen version of Domino 7.0 Build 722 SR2 has a vulnerability

Trust: 1.26

sources: NVD: CVE-2004-2348 // BID: 9880 // VULHUB: VHN-10776

AFFECTED PRODUCTS

vendor:sybarimodel:antigenscope:eqversion:7.0_build_722_\(sr2\)

Trust: 1.6

vendor:sybarimodel:software antigen for lotus domino buildscope:eqversion:7.0722

Trust: 0.3

vendor:sybarimodel:software antigen for lotus domino buildscope:neversion:7.0723

Trust: 0.3

sources: BID: 9880 // CNNVD: CNNVD-200412-980 // NVD: CVE-2004-2348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2348
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-980
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10776
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2348
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10776
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10776 // CNNVD: CNNVD-200412-980 // NVD: CVE-2004-2348

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-980

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200412-980

EXTERNAL IDS

db:BIDid:9880

Trust: 2.0

db:SECUNIAid:11120

Trust: 1.7

db:NVDid:CVE-2004-2348

Trust: 1.7

db:SECTRACKid:1009437

Trust: 1.7

db:CNNVDid:CNNVD-200412-980

Trust: 0.7

db:XFid:15470

Trust: 0.6

db:VULHUBid:VHN-10776

Trust: 0.1

sources: VULHUB: VHN-10776 // BID: 9880 // CNNVD: CNNVD-200412-980 // NVD: CVE-2004-2348

REFERENCES

url:http://www.securityfocus.com/bid/9880

Trust: 1.7

url:http://securitytracker.com/id?1009437

Trust: 1.7

url:http://secunia.com/advisories/11120/

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15470

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/15470

Trust: 0.6

url:http://www.sybari.com/products/antigen_notes.asp

Trust: 0.3

sources: VULHUB: VHN-10776 // BID: 9880 // CNNVD: CNNVD-200412-980 // NVD: CVE-2004-2348

CREDITS

The vendor reported this vulnerability.

Trust: 0.9

sources: BID: 9880 // CNNVD: CNNVD-200412-980

SOURCES

db:VULHUBid:VHN-10776
db:BIDid:9880
db:CNNVDid:CNNVD-200412-980
db:NVDid:CVE-2004-2348

LAST UPDATE DATE

2024-08-14T15:04:47.063000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-10776date:2017-07-11T00:00:00
db:BIDid:9880date:2004-03-15T00:00:00
db:CNNVDid:CNNVD-200412-980date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2348date:2017-07-11T01:31:49.077

SOURCES RELEASE DATE

db:VULHUBid:VHN-10776date:2004-12-31T00:00:00
db:BIDid:9880date:2004-03-15T00:00:00
db:CNNVDid:CNNVD-200412-980date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2348date:2004-12-31T05:00:00