[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
From:       "Hendrik-Jan Verheij" <h.j.verheij () bwss ! nl>
Date:       2001-11-30 15:14:11
[Download RAW message or body]



There exists a DOS in the current version of Lotus Domino 5.08 and earlier.

The DOS manifests  itself on Lotus Domino servers with the http task
running and ssl enabled.

A connection to the victim on port 443  with the nmap '-sR' switch will
target this port with SunRPC program NULL commands  in  an  attempt  to
determine  whether  it is an  RPC port, and if so, what program and version
number it serves up.

Our first attempt brought the domino test server down. Tests on other
setups revealed the same behaviour.

The task that crashes is the nhttp task. It takes down the whole server.

the nmap command used:

nmap -n -p 443 -sR www.vicitim.com

Lotus has acknowledged the issue and the internal reference number is SPR #
MALR4Y6RL8

The issue has been fixed in Lotus Domino 5.09 which is available from
www.notes.net as an incremental upgrade.

Thanks to Ninke Westra for discovering the issue and for the testing.

regards,

Hendrik-Jan Verheij  http://redheat.org
BWSS    Phone +(31) 0570-665140
BWSS    Fax      +(31) 0570-665141
h.j.verheij@bwss.nl    http://www.bwss.nl
Business Wide Services and Solutions

It was OK before you touched it !

[prev in list] [next in list] [prev in thread] [next in thread]