J-061: Lotus Notes Domino Server Denial of Service Attacks

PROBLEM:       An overflow problem in the Notes LDAP Service (NLDAP).               
PLATFORM:      Lotus Notes Domino Server 4.6.
DAMAGE:        An attacker could cause a denial of service.
SOLUTION:      Upgrade to Maintenance release 4.6.6 or 5.0.
VULNERABILITY  Risk is low because no data is lost and the system security 
ASSESSMENT:    is not breached.


[  Start ISS Advisory  ]

ISS Security Advisory
August 23, 1999

Denial of Service Attack against Lotus Notes Domino Server 4.6

Synopsis:

Lotus Domino Server is an integrated messaging and web application
server. An attacker can crash the Lotus Notes Domino server and stop
e-mail and other services that Domino provides for an organization.

Description:

There is an overflow problem in the Notes LDAP Service (NLDAP); the
service that handles the LDAP protocol. This overflow is related to the
way that NLDAP handles the ldap_search request. By sending a large amount of
data to the parameter in the ldap_search request, an attacker can cause a
PANIC in the Domino Server. This will allow an attacker to stop all Domino
services running on the affected machine.

Affected Versions: Lotus Notes Domino server 4.6.

Recommended Action: Upgrade to Maintenance release 4.6.6 or 5.0.

Additional Information:

Information in this advisory was obtained by the research of Caleb Sima
<csima@iss.net> of the ISS X-Force. ISS X-Force would like to thank Lotus
Development Corporation for their response and handling of this
vulnerability.

________


About ISS:

ISS leads the market as the source for e-business risk management
solutions, serving as a trusted security provider to thousands of
organizations including 21 of the 25 largest U.S. commercial banks and
more than 35 government agencies. With its Adaptive Security Management
approach, ISS empowers organizations to measure and manage enterprise
security risks within Intranet, extranet and electronic commerce
environments. Its award-winning SAFEsuite(r) product line of intrusion
detection, vulnerability management and decision support solutions are
vital for protection in today's world of global connectivity, enabling
organizations to proactively monitor, detect and respond to security
risks. Founded in 1994, ISS is headquartered in Atlanta, GA with
additional offices throughout the U.S. and international operations in
Australia/New Zealand, Belgium, France, Germany, Japan, Latin America and
the UK. For more information, visit the ISS Web site at www.iss.net or
call 800-776-2362. 

Copyright (c) 1999 by Internet Security Systems, Inc.  

Permission is hereby granted for the redistribution of this Alert
electronically.  It is not to be edited in any way without express consent
of the X-Force.  If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.

 

[  End ISS Advisory  ]

    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/