Release date: 2011-12-22
Updated on: 2011-12-26
Affected Systems:
IBM Lotus Domino 8.x
Unaffected Systems:
IBM Lotus Domino 8.5.3
IBM Lotus Domino 8.5.2 FP4
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 51167
CVE ID: CVE-2011-1393
IBM Lotus Domino is an email and cluster platform that integrates email, document databases, rapid application development technology, and web technology.
IBM Lotus Domino has a denial-of-service vulnerability in its handling of malicious messages sent to the Domino server through Notes RPC. An attacker who can monitor and record all communications between the Notes client and the Domino server can modify a specific message in a certain way during a specific operation to trigger the vulnerability, causing the affected application to crash and deny service to legitimate users.
<* Source: FortiGuard Labs
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21575247
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/