[NEWS] Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression

From: support@securiteam.com
Date: 03/16/03

    From: support@securiteam.com
    To: list@securiteam.com
    Date: 16 Mar 2003 13:38:19 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    In the US?

    Contact Beyond Security at our new California office
    housewarming rates on automated network vulnerability
    scanning. We also welcome ISPs and other resellers!

    Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
    - - - - - - - - -

      Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression
    ------------------------------------------------------------------------

    SUMMARY

    In July 2001, the PROTOS protocol-testing group at the University of Oulu
    in Finland released an LDAP protocol test suite that exposed flaws in LDAP
    implementations from multiple vendors. [1]

    Lotus Domino R5.0.7 and earlier were affected by the PROTOS LDAP issues,
    resulting in buffer overflows and denial of service against the Domino
    server. Lotus addressed these issues in Domino R5.0.7a, released May 18
    2001. [2]

    While regression testing the pre-release and beta versions of Lotus Domino
    R6 with the PROTOS LDAP test suite, we found that these releases were
    vulnerable to the issues PROTOS discovered.

    DETAILS

    Vulnerable systems:
     * Lotus Notes/Domino R6 pre-release and beta versions
     * Lotus Domino R5.0.7 and earlier

    Immune systems:
     * Lotus Notes/Domino R6.0 Gold
     * Lotus Notes/Domino R6.0.1
     * Lotus Notes/Domino R5.0.7a through R5.0.12

    Credit for discovery of this vulnerability goes to the PROTOS project.
    Please see their LDAP test suite page for more information. [1]

    Vendor status and information:
    Lotus was notified and has fixed this vulnerability. Lotus
    originally tracked these issues as SPR #DWUU4W6NC8 and is tracking the R6
    beta issues with this SPR. [3] See the References section for more
    information.

    Solution:
    Users running R6 beta and pre-release builds should upgrade to R6.0 Gold
    or higher. Due to other vulnerabilities discovered in R6.0 Gold, you
    should consider upgrading to R6.0.1, which was released in February 2003.

    Users running R5.0.7a and higher are not affected.

    Domino incremental installers may be downloaded from the following URL:
     
    http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ESD-DMNTSRVRi&sb=r

    ADDITIONAL INFORMATION

    References:
    [1] PROTOS - Security Testing of Protocol Implementations
    http://www.ee.oulu.fi/research/ouspg/protos/

    [2] Lotus statement about LDAP vulnerability fixes
    http://www.kb.cert.org/vuls/id/JPLA-4WESN5

    [3] Lotus SPR #DWUU4W6NC8
    http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8

    The information has been provided by Rapid7 Security Advisories
    (advisory@rapid7.com).

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

