The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
IBM Lotus Domino Server LDAP DoS
------------------------------------------------------------------------
SUMMARY
"
<http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/dominohomepage>
IBM Lotus Domino server provides enterprise-grade collaboration capabilities
that can be deployed as a core e-mail and enterprise scheduling infrastructure
(IBM Lotus Domino Messaging Server), as a custom application platform (IBM
Lotus Domino Utility Server), or both (IBM Lotus Domino Enterprise Server)."
A specially crafted bind request sent to the LDAP server port can result
in a Lotus Domino server crash.
DETAILS
Vulnerable Systems:
* Lotus Domino Server version 6.5.4
Immune Systems:
* IBM Lotus Notes/Domino version 6.5.4 FP2
* IBM Lotus Notes/Domino version 6.5.5
* IBM Lotus Notes/Domino version 7.0.1
The problem specifically exists within the LDAP server "nldap.exe". When
sending a specially crafted bind request with a long string to the LDAP
server port (389), a NULL pointer dereference occurs, resulting in a crash
of the process.
Exploitation of this vulnerability allow unauthenticated remote attackers
to crash the LDAP service, thereby preventing legitimate usage. This
attack takes little resources to launch and can be repeated to ensure that
an unpatched computer is unable to recover even after the administrator
manually restarts the service.
Exploitation of this vulnerability allow unauthenticated remote attackers
to crash the LDAP service, thereby preventing legitimate usage. This
attack takes little resources to launch and can be repeated to ensure that
an unpatched computer is unable to recover even after the administrator
manually restarts the service.
Workaround:
Employ firewalls, access control lists or other TCP/UDP restriction
mechanisms to limit access to systems and services. More specifically,
limit access to TCP port 389 on the LDAP server to only allow trusted
hosts to connect.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2712>
CAN-2005-2712
Disclosure Timeline:
08/23/2005 Initial vendor notification
08/23/2005 Initial vendor response
02/10/2006 Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@lists.idefense.com> iDEFENSE Labs.
The original article can be found at:
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389>
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389
The vendor advisory can be found at:
<http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907>
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
