Vulnerability Development mailing list archives
Re: Notes Domino Server Platform for e-commerce?
From: martybishop () YAHOO COM (Martin Bishop)
Date: Thu, 10 Feb 2000 09:31:14 -0800
Just a note on Lotus' response:

Our penetration team found two denial-of-service vulnerabilities in the Lotus Domino web service almost a year ago. We promptly issued technical reports and sent them to Lotus and IBM over all their channels we could find even remotely resembling security. There was no response for three weeks. Then I accidentally noticed a person from Lotus posting a message on BugTraq and contacted him. He then accepted our reports, thanked us and assured us the issues would be addressed ASAP.

About three months later I tried to contact him again to see what was going on, and I failed to receive a response until late last year (after at least 4 requests), when he apologized for some personnel problems which have allegedly hindered the resolving of the issues we have reported.

Well, at this moment, the latest Domino version with the latest patches is still vulnerable to both attacks. BTW, the first attack effectively crashes the HTTPD process and the other makes all databases unreachable through the web.

I fear that Lotus too may be among those that won't budge unless a vulnerability is published and widely exploited by script-kiddies. And as much as I wouldn't mind seeing some asses kicked after nearly a year of denial, we can't publish the vulnerabilities because we can't put our clients at risk.

OTOH, this could be an isolated incident. I would really like someone from Lotus to confirm this and get those issues solved.

Regards,
Marty