Lotus Domino SunRPC NULL Command DoS

2001-11-30T00:00:00
ID OSVDB:1998
Type osvdb
Reporter OSVDB
Modified 2001-11-30T00:00:00

Description

Vulnerability Description

Lotus Domino HTTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when a SunRPC NULL string is sent to the SSL port (443), and will result in loss of availability for the service.

Technical Description

This vulnerability can be demonstrated with a simple nmap RPC scan:

nmap -n -p 443 -sR www.vicitim.com
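For detection, the condition described above (an ONC RPC call arriving as the first client bytes on the SSL port) can be recognised in captured traffic. The Python below is an added example, not part of the original OSVDB entry; it assumes the standard ONC RPC call header over TCP (RFC 5531), and the function names, sample bytes and addresses are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16  # TLS/SSLv3 record type carried by a ClientHello
RPC_CALL = 0          # ONC RPC msg_type CALL
RPC_VERSION = 2       # ONC RPC protocol version
PROC_NULL = 0         # procedure 0 is the NULL (ping) procedure
MIN_CALL_LEN = 40     # six header words plus empty credential and verifier


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client bytes seen on a TLS port.

    Returns 'tls', 'sunrpc-null', 'sunrpc-call' or 'other'.
    """
    if len(payload) >= 3 and payload[0] == TLS_HANDSHAKE and payload[1] == 3:
        return "tls"
    if len(payload) < 28:
        return "other"
    # RPC over TCP: record mark, xid, msg_type, rpcvers, prog, vers, proc
    mark, _xid, msg_type, rpcvers, _prog, _vers, proc = struct.unpack(
        ">7I", payload[:28])
    frag_len = mark & 0x7FFFFFFF  # top bit is the last-fragment flag
    if msg_type != RPC_CALL or rpcvers != RPC_VERSION or frag_len < MIN_CALL_LEN:
        return "other"
    return "sunrpc-null" if proc == PROC_NULL else "sunrpc-call"


def flag_flows(flows, port=443):
    """Return (source, kind) for flows to `port` that open with an RPC call."""
    hits = []
    for src, dport, first_bytes in flows:
        kind = classify_first_bytes(first_bytes)
        if dport == port and kind.startswith("sunrpc"):
            hits.append((src, kind))
    return hits


# Constructed samples: a NULL call header and the start of a TLS ClientHello.
SAMPLE_RPC_NULL = bytes.fromhex(
    "80000028" "00001234" "00000000" "00000002"   # mark, xid, CALL, rpcvers
    "000186a0" "00000002" "00000000"              # prog, vers, proc 0
    "00000000" "00000000" "00000000" "00000000")  # empty cred and verifier
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303") + bytes(32)
SAMPLE_FLOWS = [  # (source address, destination port, first client bytes)
    ("192.0.2.10", 443, SAMPLE_RPC_NULL),
    ("192.0.2.20", 443, SAMPLE_TLS),
    ("192.0.2.30", 111, SAMPLE_RPC_NULL),  # RPC on its usual port: not flagged
]
```
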

Solution Description

Upgrade to version 5.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Lotus Domino HTTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when a SunRPC NULL string is sent to the SSL port (443), and will result in loss of availability for the service.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-11/0302.html
ISS X-Force ID: 7631
CVE-2001-0939
CERT VU: 332299
Bugtraq ID: 3607