PT-2006-1200 · IBM · Domino Server +1

Published: 2006-01-09 · Updated: 2017-07-20 · CVE-2006-0120

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: IBM Lotus Notes and Domino Server versions prior to 6.5.5
Description: The issue involves multiple vectors that can cause a denial of service, resulting in an application crash. These vectors include sending a malformed message to an "Out Of Office" agent, using the compact command, processing malformed bitmap images, performing the "Delete Attachment" action, parsing certificates from a remote Certificate Table, and creating an SSL key ring with the Domino Administration client.
Recommendations: For versions prior to 6.5.5, update to version 6.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Out Of Office" agent, limiting the use of the compact command, avoiding the processing of malformed bitmap images, restricting the "Delete Attachment" action, verifying the validity of certificates from remote Certificate Tables, and limiting the creation of SSL key rings with the Domino Administration client.

Fix


Related Identifiers

CVE-2006-0120

Affected Products

Domino Server
IBM Lotus Notes