[原文]NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.
The discoverer of this vulnerability wishes to remain anonymous.
-
受影响的程序版本
IBM Lotus Domino 6.5.1
IBM Lotus Domino 6.5.3
-
不受影响的程序版本
IBM Lotus Domino 6.5.3
-
漏洞讨论
A remote denial of service vulnerability affects IBM Lotus Domino Server web service. This issue is due to a failure of the application to properly handle malformed network requests.
IBM has denied that this issue is a vulnerability and they have reported conflicting details regarding it. Please see the referenced IBM technote for more information.
An attacker may leverage this issue to crash the nHTTP.EXE web service, denying service to legitimate users.
-
漏洞利用
No exploit is required to leverage this issue. The following proof of concept GET request has been provided:
GET /cgi-bin/[xxx] HTTP/1.0 Host: 10.10.0.100
Where [xxx] represents a long string (~330) of UNICODE decimal value 430 characters.
-
解决方案
IBM has released technote 1202446 dealing with this issue. IBM claims that it is not a vulnerability as they were unable to reproduce it. It is likely that this is related to their description of the issue in the technote and that it is not congruent with that of iDEFENSE.
iDEFENSE has reported that version 6.5.3 is not vulnerable to this issue. Customers should contact the vendor for more information on obtaining the updated version.