[23348] in bugtraq
Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
daemon@ATHENA.MIT.EDU (Hendrik-Jan Verheij)
Fri Nov 30 17:53:28 2001
To: bugtraq@securityfocus.com
Message-ID: <OFE6E25318.5AF1072E-ONC1256B14.005317D1@popin.nl>
From: "Hendrik-Jan Verheij" <h.j.verheij@bwss.nl>
Date: Fri, 30 Nov 2001 16:14:11 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
There exists a DOS in the current version of Lotus Domino 5.08 and earlier.
The DOS manifests itself on Lotus Domino servers with the http task
running and ssl enabled.
A connection to the victim on port 443 with the nmap '-sR' switch will
target this port with SunRPC program NULL commands in an attempt to
determine whether it is an RPC port, and if so, what program and version
number it serves up.
Our first attempt brought the domino test server down. Tests on other
setups revealed the same behaviour.
The task that crashes is the nhttp task. It takes down the whole server.
the nmap command used:
nmap -n -p 443 -sR www.vicitim.com
Lotus has acknowledged the issue and the internal reference number is SPR #
MALR4Y6RL8
The issue has been fixed in Lotus Domino 5.09 which is available from
www.notes.net as an incremental upgrade.
Thanks to Ninke Westra for discovering the issue and for the testing.
regards,
Hendrik-Jan Verheij http://redheat.org
BWSS Phone +(31) 0570-665140
BWSS Fax +(31) 0570-665141
h.j.verheij@bwss.nl http://www.bwss.nl
Business Wide Services and Solutions
It was OK before you touched it !
