[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Lotus Domino ESMTP Service Buffer overflow

Title: Lotus Domino ESMTP Service Buffer overflow
Released by: Vigilante
Date: 11th September 2000
Printable version: Click here 
Lotus Domino ESMTP Service Buffer overflow



Advisory Code:   VIGILANTE-2000011



Release Date:

September 11, 2000



Systems Affected:

Lotus Domino Release 5.0.2a (Intl) ESMTP Service on OS/2 Warp 4.5

Lotus Domino Release 5.0.2c (Intl) ESMTP Service on OS/2 Warp 4.5

Earlier versions of the ESMTP service can be vulnerable. ESMTP service on

other operating systems can be vulnerable as well. This has not been tested.





THE PROBLEM

When opening a connection to the SMTP service and filling the arguments to

the following commands:

"rcpt to"

"saml from"

"soml from"

with a buffer of size 4096 chars the service will crash. This is similar to

the "mail from" denial-of-service vulnerability reported in

http://www.securityfocus.com/vdb/bottom.html?vid=1229

The service will also crash when the command "mail from" receives an

argument on a size of 4096 chars but that is a known vulnerability.



Vendor Status:

Lotus Denmark was contacted on the 11th of August. The 29th of August we

received notification regarding a fix.



Fix (quote from the vendor):



" 5/25/00 fix smtp crash with long mail from. (SPR WAT4KKHUR) Fix is based

on build v504_05192000



6/19/00 More denial of service attack fixes (SPR JSHY4HEV9B) Fix is based on

build v505_05312000 "



Fix SPR JSHY4HEV9B should be available in the beginning of September.



Please contact Lotus support for information on location on SPR JSHY4HEV9B.



Vendor   URL: http://www.lotus.com/

Product  URL: http://www.lotus.com/home.nsf/welcome/dominomailserver

Copyright VIGILANTe 2000-08-11



Disclaimer:

The information within this document may change without notice. Use of

this information constitutes acceptance for use in an AS IS

condition. There are NO warranties with regard to this information.

In no event shall the author be liable for any consequences whatsoever

arising out of or in connection with the use or spread of this

information. Any use of this information lays within the user's

responsibility.



Feedback:

Please send suggestions, updates, and comments to:



VIGILANTe

mailto: swat@vigilante.com

http://www.vigilante.com






(C) 1999-2000 All rights reserved.