|
|
|
 |
Vulnerability Note VU#555464Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCPOverviewThe Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.I. DescriptionA continuous stream of "connect" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.II. ImpactIntruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.III. SolutionUpgrade to Notes/Domino 5.0.7 or later. See http://www.notes.net/qmrdown.nsf/QMRWelcome.Restrict access to port 63148 to trusted users if possible using a firewall or router. Change the default DIIOP listening port from 63148.
ReferencesVU#601312 VU#676552 VU#890128 VU#642760 Our thanks to Defcom Labs, which published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208. This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||