Lotus Domino LDAP Message Remote Denial of Service Vulnerability (tested and works...)
From the SecurityFocus mailing list.
Please note this is a bug reported in 2006, and it still isn't fixed! If you have a publicly available Domino LDAP server, take note!
(Update: fixed in 8.5.1)
Bugtraq ID: 17669
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Apr 24 2006 12:00AM
Updated: Jan 14 2010 10:51PM
Credit: Discovered by Evgeny Legerov.
Vulnerable:
    IBM Lotus Domino 8.0.2 1
    IBM Lotus Domino 8.0.1
    IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1)
    IBM Lotus Domino 7.0.3
    IBM Lotus Domino 7.0.2 FP3
    IBM Lotus Domino 7.0.2 FP2
    IBM Lotus Domino 7.0.2 FP1
    IBM Lotus Domino 7.0.2
    IBM Lotus Domino 7.0.1
    IBM Lotus Domino 7.0
    IBM Lotus Domino 8.5 FP1
    IBM Lotus Domino 8.5
    IBM Lotus Domino 8.0
Proof of Concept here
I've tested it myself, and it does work... (8.5 FP1 on Windows)
FAULT REPORT: Server/Org (Release 8.5FP1 June 15, 2009) process nLDAP faulted at 15-01-2010 08:48:05
2 comments
Comment from: Oliver [Visitor] · http://tinymailto.com/oliversl
Well, the latest version of Domino is 8.5.1, so it is indeed fixed ;)
01/16/10 @ 03:25
Ah yes, missed that. Sorry
01/17/10 @ 12:53
