Packet Storm is reporting a Lotus Domino Denial of Service issue...
# Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash
# Date: July 16, 2011
# Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered -http://forums.kerio.com/index.php?t=msg&th=19863&start=0
# Software Link: none - cut/paste the malformed meeting invitation show below, send into some Domino shop as a mime type text/calendar with a filename.ics
# Version: 8.5.3 and very likely all 7.x and 8.x
# Tested on: W2K3, W2K8, XP running 8.5.3
# CVE : none - but IBM has patches for this and other
items
https://www-304.ibm.com/support/docview.wss?q1=vulnerability%20OR%20vulnerabilities&rs=0&uid=swg21461514&cs=utf-8?=en&loc=en_US&cc=us
https://www-304.ibm.com/support/docview.wss?uid=swg21504183
Particularly ugly in that the rest of the page has the cut and paste code for making the attachment that will crash the server...
Wednesday, 20 July 2011
Lotus Domino Denial of Service Attack
Credits to Tom Duff.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment