Vulnerability Development mailing list archives
Re: DoS in Lotus Domino Go Webserver
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Thu, 1 Jun 2000 22:34:33 -0700
Have you been able to to get ahold of the request they're making that is causing the crash? Anything in the logs? Tried using dsniff to grab all the URLs that come in and wait for a crash? http://www.monkey.org/~dugsong/dsniff/ If you can reproduce the exploit, I'm pretty confident we can get Lotus (IBM) to react. (Normally, "help me, I'm being attacked" messages should go to the incidents list, but it looks like there's some 0-day to be had here.) BB
Alex Harasic wrote: Hi, Im writing to you because I'm working for an e-commerce company, and we're actually running netcommerce3 on a lotus domino go webserver 4.6.2.6, and we've been hit by some kind of deniel of service that exploits a problem in the cgi directory of lotus domino, making nhttp.exe crash with bad cgi request. I've sent mails to lotus support, looked all over the internet and I haven't figured out how to fix it, since all fixes I've seen so far are related to domino 4.6.1 and we have a domino 4.6.2.6, so there's no DOMCFG.NSF file to reconfigure. I went thru the web configuration of lotus domino, and I couldn't figure out how to fix this problem. Please if you know how I can fix this, please tell me. And sorry to bother you with this particular problem of mine, but since lotus has said nothing about this issue, I'm desperatly looking for help. Thank you.
Current thread:
- DoS in Lotus Domino Go Webserver Alex Harasic (Jun 01)
- Re: DoS in Lotus Domino Go Webserver Blue Boar (Jun 01)