Home page logo

bugtraq logo Bugtraq mailing list archives

Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
From: "Hendrik-Jan Verheij" <h.j.verheij () bwss nl>
Date: Fri, 30 Nov 2001 16:14:11 +0100

There exists a DOS in the current version of Lotus Domino 5.08 and earlier.

The DOS manifests  itself on Lotus Domino servers with the http task
running and ssl enabled.

A connection to the victim on port 443  with the nmap '-sR' switch will
target this port with SunRPC program NULL commands  in  an  attempt  to
determine  whether  it is an  RPC port, and if so, what program and version
number it serves up.

Our first attempt brought the domino test server down. Tests on other
setups revealed the same behaviour.

The task that crashes is the nhttp task. It takes down the whole server.

the nmap command used:

nmap -n -p 443 -sR www.vicitim.com

Lotus has acknowledged the issue and the internal reference number is SPR #

The issue has been fixed in Lotus Domino 5.09 which is available from
www.notes.net as an incremental upgrade.

Thanks to Ninke Westra for discovering the issue and for the testing.


Hendrik-Jan Verheij  http://redheat.org
BWSS    Phone +(31) 0570-665140
BWSS    Fax      +(31) 0570-665141
h.j.verheij () bwss nl    http://www.bwss.nl
Business Wide Services and Solutions

It was OK before you touched it !

  By Date           By Thread  

Current thread:
  • Denial of Service in Lotus Domino 5.08 and earlier HTTP Server Hendrik-Jan Verheij (Nov 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]