361 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Top 10 Reasons I Left Lotus Notes for Google Apps
Tue, Nov 4th 2014 985
Badkey ISP change to Ziggo.100/10 Mbit/s
Tue, Oct 28th 2014 731
Badkey runs with SPF (Sender Policy Framework) record
Wed, Oct 22nd 2014 144
Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 791
Sjoerd *12-10-1993 +10-04-2000
Sat, Oct 11th 2014 102
For Sjoerd our son. *12-10-1993 +10-04-2000
Fri, Oct 10th 2014 100
Badkey change from XS4all ISP to Ziggo.100/10 Mbit/s
Thu, Oct 9th 2014 108
Top 10
Top 10 Reasons I Left Lotus Notes for Google Apps
Tue, Nov 4th 2014 985
Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 791
Badkey ISP change to Ziggo.100/10 Mbit/s
Tue, Oct 28th 2014 731
Update CentOS (Linux) Important SSL Security Vulnerability. Fix OpenSSL version 1.0.1g
Sun, Apr 20th 2014 368
Running Sophos UTM Firewall Release 9.200-11 on VMware ESX
Thu, Mar 6th 2014 314
Running WSUS 3.0 SP2 Version: 3.2.7600.256
Wed, Mar 27th 2013 289
What's the difference between Server 2008 and Server 2008 R2 Features Matrix
Wed, Dec 19th 2012 270
Exchange 2013 Hide SMTP header information
Sat, Sep 28th 2013 239
Comparing Lotus Domino/Notes and Exchange Server 2010
Tue, Feb 12th 2013 194
Firmware Update FRITZ!Box Fon WLAN 7360. (FRITZ!OS 6.03)
Thu, Feb 13th 2014 192


IBM Lotus Domino RPC Operation Denial of Service Vulnerability. 8.5.2
John Willemse    


According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specific operation.", so a relatively low threat. Upgrade to 8.5.3 if you can, if not (because of the server changes in 8.5.3) upgrade to 8.5.2 FP4.

Source:
SecurityFocus
IBM Lotus Domino RPC Operation Denial of Service Vulnerability
Bugtraq ID: 51167
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2011-1393
Remote: Yes
Local: No
Published: Dec 22 2011 12:00AM
Updated: Jan 02 2012 11:20PM
Credit: Xiaopeng Zhang of Fortiguard Labs
Vulnerable: IBM Lotus Domino 8.5.2
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2 Fix Pack 5
IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.5.2 FP3
IBM Lotus Domino 8.5.2 FP2
IBM Lotus Domino 8.5.0.1
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2.4
IBM Lotus Domino 8.0.2.3
IBM Lotus Domino 8.0.2.2
IBM Lotus Domino 8.0.2.1
IBM Lotus Domino 8.0
Not Vulnerable: IBM Lotus Domino 8.5.3
IBM Lotus Domino 8.5.2 FP4


IBM Lotus Domino is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
An attacker can use readily available network utilities.

Solution:

The vendor released an update. Please see the references for details.


---------------------
http://www.badkey.com/db/blogsphere.nsf/d6plinks/JWIE-8QXSBF
Jan 28, 2012
36 hits



Recent Blog Posts
985


Top 10 Reasons I Left Lotus Notes for Google Apps
Tue, Nov 4th 2014 4:05p   John Willemse
Just a remark as Badkey.com is a IBM Domino place and the Disclaimer is clear. Source: http://www.cloudsherpas.com/partner-google/top-10-reasons-i-left-lotus-notes-for-google-apps/ By: David Hoff (July 22, 2009) http://www.cloudsherpas.com/author/dhoff/ For the last 10+ years, I’ve spent countless nights and weekends keeping Lotus Notes/Domino running at organizations of all sizes. In the process, I’ve gathered more certifications than can fit on a business card (CLS, CLP [read] Keywords: adminp clp domino ibm lotus notes pclp smart upgrade blogSphere email google java linkedin
731


Badkey ISP change to Ziggo.100/10 Mbit/s
Tue, Oct 28th 2014 2:45p   John Willemse
Today we changed ISP to Ziggo New test: Old test: The Badkey Team http://nl.linkedin.com/in/willemsej [read] Keywords: blogSphere linkedin
144


Badkey runs with SPF (Sender Policy Framework) record
Wed, Oct 22nd 2014 1:05p   John Willemse
I know old information but just a reminder we are running this already as of Saturday 1st, July 2006. SPF (Sender Policy Framework) is an e-mail protocol that fights return-path address forgery and makes it easier for ISPs to identify spoofed addresses. For this reason, e-mail newsletter publishers who have published an SPF record stand a better chance of their e-mail being delivered. Is it a cure-all for spam? By no means, but it is an important step in the attack on spam. E-mail publishers [read] Keywords: blogSphere community linkedin smtp wiki
791


Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 2:05p   John Willemse
Eén van de bekendste (en oudste) openbare VPN-diensten is IPVanish (https://www.ipvanish.com). IPVanish laat meerdere gebruikers tegelijkertijd via hetzelfde IP-adres met internet verbinden. Hierdoor is het ook voor overheidsdiensten niet meer te achterhalen wie wat gedaan heeft op internet. De kosten voor deze dienst bedragen 10 dollar per maand of 78 dollar per jaar (ongeveer 60 euro). Betalen voor deze dienst is naast vele andere mogelijkheden ook met iDEAL mogelijk. En momenteel gr [read] Keywords: blogSphere linkedin server
102


Sjoerd *12-10-1993 +10-04-2000
Sat, Oct 11th 2014 4:05p   John Willemse
12-10-1993- 10-04-2000 De dag waarop ik elk jaar aan je geboorte denk. Je maakte mij mama Wat een mooi geschenk. Nu je er niet meer bent, Jou verjaardag doet nu weer extra pijn Toch ben ik dankbaar dat jij er was en dat jij ons kindje mocht zijn Mamma [read] Keywords: blogSphere
100


For Sjoerd our son. *12-10-1993 +10-04-2000
Fri, Oct 10th 2014 3:25p   John Willemse
*12-10-1993 +10-04-2000 Dear Sjoerd, In these days are answers hard to find, can't just leave these emotions behind. I wonder how it feels to be you, I wonder how it feels to know the truth. If I could protect you from the start, I would put you deep in my heart. 'cause that's a place where you connot die, and all your tears will be dried. Why must it be you while you're so small? While the world is so cruel and tall? You don't even have the chance to live [read] Keywords: blogSphere




108


Badkey change from XS4all ISP to Ziggo.100/10 Mbit/s
Thu, Oct 9th 2014 3:26p   John Willemse
On the 28th of october we will change ISP. New: 100 Mbit/s / 10 Mbit/s Here the tests when on XS4all and the move to Ziggo, soon more. October 10th. 2014 XS4all http://speedtest6.ziggo.nl/ Extra on XS4all: The Badkey Team http://nl.linkedin.com/in/willemsej [read] Keywords: blogSphere linkedin
114


Badkey on SSL security for SMTP TCP port 465 and Domino methods of spam control
Sun, Oct 5th 2014 4:05p   John Willemse
We just activated the SSL via SMTP. On Badkey Domino 9. Information: - Google Securing Domino Environments with Transport Layer Security - Google Transport layer security (TLS) with simple mail transfer protocol (SMTP) Question How do you configure Lotus® Domino® for secure SMTP sessions using the STARTTLS extension? Answer To provide SSL security for SMTP transfers over TCP/IP, Domino supports the use of negotiated SSL. In a negotiated SSL scheme, the sending and receiving hosts [read] Keywords: admin collaboration domino ibm lotus notes application applications blogSphere development enterprise google linkedin mobile planetlotus planetlotus.org security server smtp wiki
107


You find some of your servers are still trying to replicate from your Domino Domain?
Sun, Oct 5th 2014 2:25p   John Willemse
Posted under Lotus Domino. Source @marc-bourassa.com This post was written by Marc on May 30, 2008 You find some of your servers are still trying to replicate like crazy with servers you’ve removed from your Domino Domain? Lotus Notes LogoAnd you’ve removed ALL connection documents that could be causing this and you’ve also gone and removed all traces of the obsolete servers from the events4.nsf database and from the ddm.nsf collection hierarchy? You must be running DDM [read] Keywords: domino ibm lotus notes blogSphere database linkedin
114


Sophos UTM Up2Date 9.207019 package
Fri, Oct 3rd 2014 4:25p   John Willemse
From @download.astaro.com/UTM/v9/virtual_appliance/README.txt (2014-Mar-04 ) Manual Downloads and MD5s can be found at Index of /UTM/v9/up2date/ http://ftp.astaro.de/UTM/v9/up2date/ I run an Astaro Security Gateway (ASG) from Sophos (now called Sophos Unified Threat Management (UTM)) for the bulk of my firewall needs at home. Sophos (and Astaro before them) did a nice thing in allowing Home Users to run the product for up to 50 internal IP addresses for free. You can download the home ver [read] Keywords: connections application blogSphere interface linkedin password profile security server smtp vmware wifi wireless




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition