IBM Lotus Domino RPC Operation Denial of Service Vulnerability

Bugtraq ID:	51167
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2011-1393
Remote:	Yes
Local:	No
Published:	Dec 22 2011 12:00AM
Updated:	Jan 02 2012 11:20PM
Credit:	Xiaopeng Zhang of Fortiguard Labs
Vulnerable:	IBM Lotus Domino 8.5.2 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2 Fix Pack 5 IBM Lotus Domino 8.0.2 IBM Lotus Domino 8.5.2 FP3 IBM Lotus Domino 8.5.2 FP2 IBM Lotus Domino 8.5.0.1 IBM Lotus Domino 8.5 FP1 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2.4 IBM Lotus Domino 8.0.2.3 IBM Lotus Domino 8.0.2.2 IBM Lotus Domino 8.0.2.1 IBM Lotus Domino 8.0
Not Vulnerable:	IBM Lotus Domino 8.5.3 IBM Lotus Domino 8.5.2 FP4

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

IBM Lotus Domino is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

An attacker can use readily available network utilities.

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

Solution:
The vendor released an update. Please see the references for details.

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

References:

• IBM Homepage (IBM)
  
• IBM Lotus Notes/Domino Server Vulnerability (Fortinet)
  
• Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes aut (IBM)
  
• Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes aut (IBM)