Lotus Notes SMTP Server bug

From: Siva Sankar Adiraju (adirajusat_private)
Date: Fri Jan 15 1999 - 00:52:53 PST

Next message: Friedrichs, Oliver: "Re: NIS and NIS+ ephemeral ports"

Previous message: Dr. Mudge: "Re: test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP
session:

helo a
250 notes.foo.com
helo b
500 Session already established. The domain name [b] passed in with HELO
will be ignored. The current domain name of sending SMTP is [a].

If the strings `a' and `b' are very long (2048 chars), the Notes
SMTP server starts consuming CPU and crashes. A remote denial-of-
service. No workaround is known to me.

The bug exists with Notes on both Solaris and Windows platforms.

PS: This is not related to the gethostbyname() bug in Solaris 2.5.

--
Kapil Chowksey


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Next message: Friedrichs, Oliver: "Re: NIS and NIS+ ephemeral ports"
Previous message: Dr. Mudge: "Re: test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:58 PDT