359 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 658
Sjoerd *12-10-1993 +10-04-2000
Sat, Oct 11th 2014 116
For Sjoerd our son. *12-10-1993 +10-04-2000
Fri, Oct 10th 2014 124
Badkey change from XS4all ISP to Ziggo.100/10 Mbit/s
Thu, Oct 9th 2014 94
Badkey on SSL security for SMTP TCP port 465 and Domino methods of spam control
Sun, Oct 5th 2014 159
You find some of your servers are still trying to replicate from your Domino Domain?
Sun, Oct 5th 2014 188
Sophos UTM Up2Date 9.207019 package
Fri, Oct 3rd 2014 163
Top 10
What's the difference between Server 2008 and Server 2008 R2 Features Matrix
Wed, Dec 19th 2012 1514
Update CentOS (Linux) Important SSL Security Vulnerability. Fix OpenSSL version 1.0.1g
Sun, Apr 20th 2014 1234
Running Sophos UTM Firewall Release 9.200-11 on VMware ESX
Thu, Mar 6th 2014 821
Comparing Lotus Domino/Notes and Exchange Server 2010
Tue, Feb 12th 2013 689
Exchange 2013 Hide SMTP header information
Sat, Sep 28th 2013 671
Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 658
Firmware Update FRITZ!Box Fon WLAN 7360. (FRITZ!OS 6.03)
Thu, Feb 13th 2014 643
Running WSUS 3.0 SP2 Version: 3.2.7600.256
Wed, Mar 27th 2013 617
Microsoft Exchange 2013 SCL level configuration
Fri, Sep 20th 2013 540
FRITZ!OS: New Firmware 6.05
Thu, May 29th 2014 429


IBM Lotus Domino RPC Operation Denial of Service Vulnerability. 8.5.2
John Willemse    


According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specific operation.", so a relatively low threat. Upgrade to 8.5.3 if you can, if not (because of the server changes in 8.5.3) upgrade to 8.5.2 FP4.

Source:
SecurityFocus
IBM Lotus Domino RPC Operation Denial of Service Vulnerability
Bugtraq ID: 51167
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2011-1393
Remote: Yes
Local: No
Published: Dec 22 2011 12:00AM
Updated: Jan 02 2012 11:20PM
Credit: Xiaopeng Zhang of Fortiguard Labs
Vulnerable: IBM Lotus Domino 8.5.2
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2 Fix Pack 5
IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.5.2 FP3
IBM Lotus Domino 8.5.2 FP2
IBM Lotus Domino 8.5.0.1
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0.2.4
IBM Lotus Domino 8.0.2.3
IBM Lotus Domino 8.0.2.2
IBM Lotus Domino 8.0.2.1
IBM Lotus Domino 8.0
Not Vulnerable: IBM Lotus Domino 8.5.3
IBM Lotus Domino 8.5.2 FP4


IBM Lotus Domino is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
An attacker can use readily available network utilities.

Solution:

The vendor released an update. Please see the references for details.


---------------------
http://www.badkey.com/db/blogsphere.nsf/d6plinks/JWIE-8QXSBF
Jan 28, 2012
83 hits



Recent Blog Posts
658


Wat zijn de voordelen van IPVanish ?
Fri, Oct 17th 2014 2:05p   John Willemse
Eén van de bekendste (en oudste) openbare VPN-diensten is IPVanish (https://www.ipvanish.com). IPVanish laat meerdere gebruikers tegelijkertijd via hetzelfde IP-adres met internet verbinden. Hierdoor is het ook voor overheidsdiensten niet meer te achterhalen wie wat gedaan heeft op internet. De kosten voor deze dienst bedragen 10 dollar per maand of 78 dollar per jaar (ongeveer 60 euro). Betalen voor deze dienst is naast vele andere mogelijkheden ook met iDEAL mogelijk. En momenteel gr [read] Keywords: blogSphere linkedin server
116


Sjoerd *12-10-1993 +10-04-2000
Sat, Oct 11th 2014 4:05p   John Willemse
12-10-1993- 10-04-2000 De dag waarop ik elk jaar aan je geboorte denk. Je maakte mij mama Wat een mooi geschenk. Nu je er niet meer bent, Jou verjaardag doet nu weer extra pijn Toch ben ik dankbaar dat jij er was en dat jij ons kindje mocht zijn Mamma [read] Keywords: blogSphere
124


For Sjoerd our son. *12-10-1993 +10-04-2000
Fri, Oct 10th 2014 3:25p   John Willemse
*12-10-1993 +10-04-2000 Dear Sjoerd, In these days are answers hard to find, can't just leave these emotions behind. I wonder how it feels to be you, I wonder how it feels to know the truth. If I could protect you from the start, I would put you deep in my heart. 'cause that's a place where you connot die, and all your tears will be dried. Why must it be you while you're so small? While the world is so cruel and tall? You don't even have the chance to live [read] Keywords: blogSphere
94


Badkey change from XS4all ISP to Ziggo.100/10 Mbit/s
Thu, Oct 9th 2014 3:26p   John Willemse
On the 28th of october we will change ISP. New: 100 Mbit/s / 10 Mbit/s Here the tests when on XS4all and the move to Ziggo, soon more. October 10th. 2014 XS4all http://speedtest6.ziggo.nl/ Extra on XS4all: The Badkey Team http://nl.linkedin.com/in/willemsej [read] Keywords: blogSphere linkedin
159


Badkey on SSL security for SMTP TCP port 465 and Domino methods of spam control
Sun, Oct 5th 2014 4:05p   John Willemse
We just activated the SSL via SMTP. On Badkey Domino 9. Information: - Google Securing Domino Environments with Transport Layer Security - Google Transport layer security (TLS) with simple mail transfer protocol (SMTP) Question How do you configure Lotus® Domino® for secure SMTP sessions using the STARTTLS extension? Answer To provide SSL security for SMTP transfers over TCP/IP, Domino supports the use of negotiated SSL. In a negotiated SSL scheme, the sending and receiving hosts [read] Keywords: admin collaboration domino ibm lotus notes application applications blogSphere development enterprise google linkedin mobile planetlotus planetlotus.org security server smtp wiki
188


You find some of your servers are still trying to replicate from your Domino Domain?
Sun, Oct 5th 2014 2:25p   John Willemse
Posted under Lotus Domino. Source @marc-bourassa.com This post was written by Marc on May 30, 2008 You find some of your servers are still trying to replicate like crazy with servers you’ve removed from your Domino Domain? Lotus Notes LogoAnd you’ve removed ALL connection documents that could be causing this and you’ve also gone and removed all traces of the obsolete servers from the events4.nsf database and from the ddm.nsf collection hierarchy? You must be running DDM [read] Keywords: domino ibm lotus notes blogSphere database linkedin
163


Sophos UTM Up2Date 9.207019 package
Fri, Oct 3rd 2014 4:25p   John Willemse
From @download.astaro.com/UTM/v9/virtual_appliance/README.txt (2014-Mar-04 ) Manual Downloads and MD5s can be found at Index of /UTM/v9/up2date/ http://ftp.astaro.de/UTM/v9/up2date/ I run an Astaro Security Gateway (ASG) from Sophos (now called Sophos Unified Threat Management (UTM)) for the bulk of my firewall needs at home. Sophos (and Astaro before them) did a nice thing in allowing Home Users to run the product for up to 50 internal IP addresses for free. You can download the home ver [read] Keywords: connections application blogSphere interface linkedin password profile security server smtp vmware wifi wireless




218


Badkey migration to Google Apps
Wed, Oct 1st 2014 4:25p   John Willemse
During 16 February 2014 Badkey started Domino 9, now Badkey is running IBM Notes and Domino 9 64 bit. We have to move to the next stage "Go to Google Apps". I still have 2 mailboxes that I have to move to Google. Yep 2 NSF files , and What migration can I use ? Please e-mail me for a solution at: willemsej@gmail.com The Badkey Team http://nl.linkedin.com/in/willemsej [read] Keywords: domino ibm lotus notes blogSphere google linkedin
189


Sophos UTM 9.206-35 Up2Date 9.206035 package
Fri, Sep 12th 2014 3:05p   John Willemse
Firmware version: 9.206-35 We just did the upgrade in the OTAP. UTM Up2Date 9.206 Released. 10-09-2014 / Eric Bégoc http://blogs.sophos.com/tag/up2date/ Up2Date 9.206035 package description: Remarks: System will be rebooted Configuration will be upgraded Connected RED devices will perform firmware upgrade Connected Wifi APs will perform firmware upgrade News: Bugfix Release Enhancement: Web filter allows to define exceptions based on User Agent Enhancem [read] Keywords: agent blogSphere database exchange exchange interface iphone linkedin network security server smtp wifi wiki wireless
168


SABnzbd 0.7.18
Wed, Aug 20th 2014 12:05p   John Willemse
Upgrade in de OTAP gedaan naar versie 0.7.18 Latest Version: 0.7.18 — Released: 06-JUL-2014 http://sabnzbd.org The Badkey Team http://beknown.com/john-willemse [read] Keywords: blogSphere




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition