[NT] IBM Lotus Domino Server LDAP DoS
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 14 Feb 2006 19:33:19 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
IBM Lotus Domino Server LDAP DoS
------------------------------------------------------------------------
SUMMARY
"
<http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/dominohomepage> IBM Lotus Domino server provides enterprise-grade collaboration capabilities that can be deployed as a core e-mail and enterprise scheduling infrastructure (IBM Lotus Domino Messaging Server), as a custom application platform (IBM Lotus Domino Utility Server), or both (IBM Lotus Domino Enterprise Server)."
A specially crafted bind request sent to the LDAP server port can result
in a Lotus Domino server crash.
DETAILS
Vulnerable Systems:
* Lotus Domino Server version 6.5.4
Immune Systems:
* IBM Lotus Notes/Domino version 6.5.4 FP2
* IBM Lotus Notes/Domino version 6.5.5
* IBM Lotus Notes/Domino version 7.0.1
The problem specifically exists within the LDAP server "nldap.exe". When
sending a specially crafted bind request with a long string to the LDAP
server port (389), a NULL pointer dereference occurs, resulting in a crash
of the process.
Exploitation of this vulnerability allow unauthenticated remote attackers
to crash the LDAP service, thereby preventing legitimate usage. This
attack takes little resources to launch and can be repeated to ensure that
an unpatched computer is unable to recover even after the administrator
manually restarts the service.
Exploitation of this vulnerability allow unauthenticated remote attackers
to crash the LDAP service, thereby preventing legitimate usage. This
attack takes little resources to launch and can be repeated to ensure that
an unpatched computer is unable to recover even after the administrator
manually restarts the service.
Workaround:
Employ firewalls, access control lists or other TCP/UDP restriction
mechanisms to limit access to systems and services. More specifically,
limit access to TCP port 389 on the LDAP server to only allow trusted
hosts to connect.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2712>
CAN-2005-2712
Disclosure Timeline:
08/23/2005 Initial vendor notification
08/23/2005 Initial vendor response
02/10/2006 Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@xxxxxxxxxxxxxxxxxx> iDEFENSE Labs.
The original article can be found at:
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389>
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389
The vendor advisory can be found at:
<http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907>
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [TOOL] Win32 Bind Shell
- Next by Date: [UNIX] CPAINT AJAX Library Cross Site Scripting
- Previous by thread: [TOOL] Win32 Bind Shell
- Next by thread: [UNIX] CPAINT AJAX Library Cross Site Scripting
- Index(es):
Relevant Pages
- [NEWS] IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... IBM Lotus Domino Server LDAP
Request Invalid DN Message Heap Overflow ... Remote exploitation of a heap overflow vulnerability
in the LDAP component ... (Securiteam) - [NEWS] IBM Lotus Domino Server Web Service DoS Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Lotus Domino Server web service
allows attackers to crash the service, ... This results in the immediate crash of nHTTP.EXE
and is not reported to ... Exploitation of this vulnerability allows unauthenticated remote
attackers ... (Securiteam) - [UNIX] CommuniGate Pro Server Multiple DoS (LDAP, SIP)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... CommuniGate Pro Server Multiple
DoS (LDAP, ... (Securiteam) - [NT] Ipswitch IMail LDAP Daemon Remote Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Exploitation of a remote
buffer overflow within the ... LDAP daemon of Ipswitch IMAIL Server allows attackers to
execute arbitrary ... An attacker can utilize this to overwrite the address of the Global
... (Securiteam) - [NEWS] Lotus Domino Buffer Overflow (Time/Date Field)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A buffer overflow vulnerability
in Lotus Domino allows remote attackers to ... with access to the web server to cause the
Lotus Domino server to execute ... (Securiteam)
