IBM denies report of new DoS vulnerability in Domino

• Peter Bochner
• Published: 07 Apr 2005

iDefense Labs Inc., a seven-year-old provider of security intelligence services has reported a denial of service (DoS) vulnerability in a Lotus Domino Server 6.5.1 Web service that allows attackers to crash the service. The problem exists within the module NLSCCSTR.DLL.

According to the vulnerability report, Lotus Domino Server 6.03 and earlier versions are also vulnerable to the attack, which prevents legitimate access. However, Reston, Va.-based iDefense confirmed that Lotus Domino Server version 6.5.3 is not affected.

IBM has released a technote for this issue that says that it has been unable to reproduce the event and has therefore not released any patches. According to the technote, "Customers should consider upgrading to Lotus Domino Server version 6.5.3, which iDefense has confirmed as being not vulnerable."

A person who wants to remain anonymous, according to iDefense, first disclosed the vulnerability in February. IBM was then notified and responded on Feb. 9. The problem was not publicly disclosed until April 6.

iDefense Labs said the attack requires minimal resources to launch and can be repeated to ensure that an unpatched computer is unable to recover. The company further said that although a successful attack does not generate error messages in the NSERVER terminal, the nHTTP.exe process has indeed crashed. Restarting Domino Server will resume normal functionality, the company said.

The vulnerability report was first disclosed in February by a person who, according to iDefense, wants to remain anonymous. IBM was then notified and responded on Feb. 9. The problem was not publicly disclosed until April 6.

According to iDefense Labs, the attack requires minimal resources to launch and can be repeated to ensure that an un-patched computer is unable to recover. The company further said that although a successful attack does not generate error messages in the NSERVER terminal, the nHTTP.exe process has indeed crashed. Restarting Domino Server will resume normal functionality, the company said.