Re: DoS in Lotus Domino Go Webserver

[BlueBoar () THIEVCO COM (Blue Boar)]

Have you been able to to get ahold of the request they're making that is
causing the crash?  Anything in the logs?  Tried using dsniff to grab all
the URLs that come in and wait for a crash?
http://www.monkey.org/~dugsong/dsniff/
If you can reproduce the exploit, I'm pretty confident we can get
Lotus (IBM) to react.

(Normally, "help me, I'm being attacked" messages should go to the
incidents list, but it looks like there's some 0-day to be had here.)

                                        BB

> Alex Harasic wrote:
>
> Hi, Im writing to you because I'm working for an e-commerce company, and
> we're actually running netcommerce3 on a lotus domino go webserver
> 4.6.2.6, and we've been hit by some kind of deniel of service that
> exploits a problem in the cgi directory of lotus domino, making nhttp.exe
> crash with bad cgi request. I've sent mails to lotus support, looked all
> over the internet and I haven't figured out how to fix it, since all
> fixes I've seen so far are related to domino 4.6.1 and we have a domino
> 4.6.2.6, so there's no DOMCFG.NSF file to reconfigure. I went thru the
> web configuration of lotus domino, and I couldn't
> figure out how to fix this problem. Please if you know how I can fix
> this, please tell me. And sorry to bother you with this particular
> problem of mine, but since lotus has said nothing about this issue, I'm
> desperatly looking for help. Thank you.