IBM Lotus Domino LDAP Server Denial of Service Vulnerability
Category IBM/Lotus
From Secunia: http://secunia.com/advisories/18738/
Secunia Advisory: SA18738
Release Date: 2006-02-07
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
Software: IBM Lotus Domino 7.x
Description: Evgeny Legerov has discovered a vulnerability in Lotus Domino, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the LDAP server within the handling of certain requests. This can be exploited to crash the service via a specially-crafted request sent to port 389/tcp.
The vulnerability has been confirmed in version 7.0. Other versions may also be affected.
Solution: Restrict access to the LDAP service.
From Secunia: http://secunia.com/advisories/18738/
Secunia Advisory: SA18738
Release Date: 2006-02-07
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
Software: IBM Lotus Domino 7.x
Description: Evgeny Legerov has discovered a vulnerability in Lotus Domino, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the LDAP server within the handling of certain requests. This can be exploited to crash the service via a specially-crafted request sent to port 389/tcp.
The vulnerability has been confirmed in version 7.0. Other versions may also be affected.
Solution: Restrict access to the LDAP service.
| Permalink |
Comments
I remember seeing something in the 7.0.1 fix list about a DoS bug that had been fixed. I wonder if this is related.
Bruce
Posted by Bruce Elgort At 20:50:14 On 08/02/2006 | - Website - |