IBM Lotus Domino SMTP Server Malformed Meeting Request (vCal) DoS
Critical Nessus Plugin ID 21778
Synopsis
The remote SMTP server is susceptible to a denial of service attack.
Description
The remote host is running Lotus Domino, a messaging and collaboration application suite.
According to the version number in its banner, the SMTP server bundled with Lotus Domino on the remote host reportedly suffers from a denial of service flaw. Specifically, the routing server consumes 100% of the CPU when attempting to process a malformed 'vcal' meeting request. An unauthenticated attacker may be able to leverage this issue to deny service to legitimate users.
IBM has also identified several other vulnerabilities that affect this version.
Solution
Upgrade to Lotus Domino 6.5.4 FP1, 6.5.5 or 7.0 or later.