Wednesday, 20 July 2011

Lotus Domino Denial of Service Attack

Credits to Tom Duff.
Packet Storm is reporting a Lotus Domino Denial of Service issue...

# Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash
# Date: July 16, 2011
# Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered -
# Software Link: none - cut/paste the malformed meeting invitation shown below, send into some Domino shop as a mime type text/calendar with a filename.ics
# Version: 8.5.3 and very likely all 7.x and 8.x
# Tested on: W2K3, W2K8, XP running 8.5.3
# CVE : none - but IBM has patches for this and other

Particularly ugly in that the rest of the page has the cut and paste code for making the attachment that will crash the server...