WordType Designs
Driven To Distractions©
The Sound of One Hand Clapping©

A rchive Date
[ 21-02-2005 ]
Category
[ Information Technologies ]
sub-Categoy
[ Lotus ]
      [http://www.securityfocus.com/archive/1/243469


        To:
        BugTraq
        Subject:
        Date:
        Nov 30 2001 3:14PM
        Author:
        Message-ID:
        <OFE6E25318.5AF1072E-ONC1256B14.005317D1@popin.nl>


      There exists a DOS in the current version of Lotus Domino 5.08 and earlier.

      The DOS manifests itself on Lotus Domino servers with the http task running and ssl enabled.

      A connection to the victim on port 443 with the nmap '-sR' switch will target this port with SunRPC program NULL commands in an attempt to determine whether it is an RPC port, and if so, what program and version number it serves up.

      Our first attempt brought the domino test server down. Tests on other setups revealed the same behaviour.

      The task that crashes is the nhttp task. It takes down the whole server.

      The nmap command used:

      nmap -n -p 443 -sR www.vicitim.com

      Lotus has acknowledged the issue and the internal reference number is SPR # MALR4Y6RL8

      The issue has been fixed in Lotus Domino 5.09 which is available from       www.notes.net as an incremental upgrade.

      Thanks to Ninke Westra for discovering the issue and for the testing.

      Regards,

      Hendrik-Jan Verheij       http://redheat.org
      BWSS Phone +(31) 0570-665140
      BWSS Fax +(31) 0570-665141
      h.j.verheij@bwss.nl http://www.bwss.nl
      Business Wide Services and Solutions

      It was OK before you touched it !]
      Cross-Indexed:

      New document Icon


Some pages may require Adobe Acrobat Reader


Copyright and Fair Use Information: The contents of this web site is protected by international copyright laws and may not be reproduced in any form or manner whatsoever, if for the purpose of resale or solicitation of a donation. The essays included here, may be reproduced only if: 1)They are not altered in any way; 2) reproductions must be accompanied by this copyright page ; and 3) it is given freely and without charge.
Fair use: The fair use of copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified in above sections, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is fair use the factors to be considered include : (1) the purpose and character of the use, including whether the use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and; (4) the effect of the use upon the potential market value of the copyrighted work.
Home | About Narrative? |Contact
Copyright © 2025. All Rights Reserved
HAG122125 (1998 -2026)