Re: [Fwd: [Full-disclosure] iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability]

["Evgeny Legerov" <admin () gleg net>]

Hi,

I think it is not, the advisory states:
"""
The problem specifically exists within the LDAP server 
"nldap.exe." When
sending a specially crafted bind request with a long 
string to the LDAP
"""

But my BIND request was very short ;-)

Btw, I did not test Windows version of Lotus Domino, so 
the testing with ProtoVer LDAP may reveal some interesting 
bugs which does not present in Linux versions.


> Dave Aitel <dave () immunityinc com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is this the same as one of Evgeny's bugs?
>
> - -dave
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Fedora - 
> http://enigmail.mozdev.org
>
> iD8DBQFD7QRyB8JNm+PA+iURAjF+AKCaFkPwbn4OYBYzLzZFzxRz4hnRvQCgzsBj
> 0mRgJjKsnOtTZZgbbQcW9pM=
> =iucP
> -----END PGP SIGNATURE-----

Best regards,
Evgeny Legerov
CEO, GLEG Ltd.