COMMAND

    Lotus Notes Domino Server

SYSTEMS AFFECTED

    Lotus Notes Domino Server 4.6

PROBLEM

    Following is based on ISS Security Advisory.  Lotus Domino  Server
    is  an  integrated  messaging  and  web  application  server.   An
    attacker can crash the Lotus  Notes Domino server and stop  e-mail
    and other services that Domino provides for an organization.

    There is an  overflow problem in  the Notes LDAP  Service (NLDAP);
    the  service  that  handles  the  LDAP  protocol. This overflow is
    related to the way that NLDAP handles the ldap_search request.  By
    sending a large amount of data to the parameter in the ldap_search
    request, an attacker can cause a PANIC in the Domino Server.  This
    will allow an attacker to stop all Domino services running on  the
    affected machine.

SOLUTION

    Upgrade to Maintenance release 4.6.6 or 5.0.