The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.
A continuous stream of "connect" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.
Intruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.
Where possible, restrict access to port 63148 to trusted users with a firewall or router. Change the DIIOP listening port from its default of 63148.
Our thanks to Defcom Labs, which published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
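As an added example (not from the CERT note or the Defcom advisory), the check below scans a constructed, simplified connection log for sources that repeatedly connect to TCP/63148 carrying payloads of about 10K, the traffic pattern the description above gives; the log format, the detection window and the threshold are assumptions.

```python
from collections import defaultdict
# Added example, not part of the CERT note. The log format is a constructed,
# simplified connection log: "<epoch> <src ip> <dst port> <client bytes>".
DIIOP_PORT = 63148        # default DIIOP (CORBA) port named in the note
WINDOW_SECONDS = 60       # hypothetical detection window
CONNECTS_PER_WINDOW = 20  # hypothetical threshold; tune to normal DIIOP client load
LARGE_PAYLOAD = 10_000    # the ~10K payload per connect that the note describes

def parse_line(line):
    """Return (ts, src, dport, nbytes), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), parts[1], int(parts[2]), int(parts[3])
    except ValueError:
        return None

def find_diiop_floods(lines, window=WINDOW_SECONDS, threshold=CONNECTS_PER_WINDOW):
    """Map src -> (peak connects within one window, how many carried >= 10K bytes)."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != DIIOP_PORT:
            continue                      # malformed, or not aimed at DIIOP
        per_src[rec[1]].append((rec[0], rec[3]))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = worst = big = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                # slide so events[start:end+1] fits the window
            if end - start + 1 > worst:
                worst = end - start + 1
                big = sum(1 for _, n in events[start:end + 1] if n >= LARGE_PAYLOAD)
        if worst >= threshold:
            flagged[src] = (worst, big)
    return flagged

# Constructed sample: a normal client at 10.0.0.5, a flooding source at 203.0.113.9.
SAMPLE_LOG = (
    ["%d 10.0.0.5 63148 512" % (1000 + 20 * i) for i in range(5)]
    + ["%d 203.0.113.9 63148 10240" % (2000 + i) for i in range(40)]
    + ["2005 203.0.113.9 80 300", "not a log line"]
)
if __name__ == "__main__":
    for src, (count, big) in find_diiop_floods(SAMPLE_LOG).items():
        print(f"{src}: {count} connects to TCP/{DIIOP_PORT} in {WINDOW_SECONDS}s, {big} with >= {LARGE_PAYLOAD} bytes")
```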
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
Date First Published: 2001-07-12
Date Last Updated: 2001-07-17 19:13 UTC