Bugtraq mailing list archives
Re: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
From: nsu () ELFTECH COM (Su, Nick)
Date: Sat, 20 May 2000 00:26:34 -0700
Well, I tried the same exercise on a WinNT4 (SP6) and 5.03 (US version), crashed the nSMTP.EXE task...

Lotus (IBM), it's your turn to respond...

Michal Zalewski <lcamtuf () DIONE IDS PL>
Sent by: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
05/18/2000 12:11 PM
Please respond to Michal Zalewski
To: BUGTRAQ () SECURITYFOCUS COM
cc:
Subject: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))

Not much to say. While performing basic input validation checks in Lotus Domino ESMTP service (see subject) running on the top of Windows NT system (this applies probably to other platforms as well), within approximately 30 seconds we found remote buffer overflow leading to system crash (and, if exploited, to remote system compromise).

Sometimes I don't believe this is so simple! I could imagine that voluntary wu-ftpd developers missed some buffer-length checks while constructing process title - but when I look at such hole in product developed by major company employing security specialists, I ask myself is this intentional? :) Just kidding, but with whole respect - I believe anyone looking at the source code could simply SEE such buffer overflow - just like in Novell remote http administration bug I reported three weeks ago. Hey, but stop, I'm not going to give offence to these corporations, sorry.

Now, facts:

  220 *SNIP* Lotus Domino Release 5.0.1 (Intl) *SNIP*
  HELO dood
  250 *SNIP*
  MAIL FROM: me@<four-kilobytes-of-junk>
  (crash)

Btw. just to make it clear, I've got confirmation from Novell about http administration remote buffer overflow. Also, they said upgraded modules are available from their download area, and asked me to notify BQ readers.

Above statements are my own opinions and observations _only_. Standard disclaimer applies.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
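Added example, not part of the original posts and not Lotus code: a MAIL FROM parser in C that applies the kind of buffer-length checks the report is about, rejecting an over-long line or path before any byte is copied. The function name parse_mail_from, the choice of reply codes and the sample input are assumptions; the limits are those of RFC 5321 section 4.5.3.1.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_LINE 512 /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define SMTP_MAX_PATH 256 /* RFC 5321 4.5.3.1.3: path, punctuation included */
/* Hypothetical helper. Returns the reply code to send: 250 accepted,
 * 500 line too long, 501 syntax error or over-long path. `line` holds
 * `len` bytes as read from the socket (CRLF included, no NUL needed). */
int parse_mail_from(const char *line, size_t len, char *out, size_t out_sz)
{
    static const char verb[] = "MAIL FROM:";
    size_t vlen = sizeof verb - 1, i, start, end;

    if (len > SMTP_MAX_LINE)            /* check length before any copy */
        return 500;
    if (len < vlen + 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return 501;
    len -= 2;                           /* drop the CRLF */
    for (i = 0; i < vlen; i++)          /* case-insensitive verb match */
        if (toupper((unsigned char)line[i]) != verb[i])
            return 501;
    while (i < len && line[i] == ' ')   /* tolerate "FROM: addr" as in the report */
        i++;
    start = i;
    while (i < len && line[i] != ' ')   /* ESMTP parameters follow a space */
        i++;
    end = i;
    if (end == start || end - start > SMTP_MAX_PATH)
        return 501;
    if (end - start >= 2 && line[start] == '<' && line[end - 1] == '>') {
        start++; end--;                 /* strip optional angle brackets */
    }
    for (i = start; i < end; i++)       /* no control bytes or embedded NUL */
        if ((unsigned char)line[i] < 0x21 || line[i] == 0x7f)
            return 501;
    if (end - start >= out_sz)          /* refuse rather than truncate */
        return 501;
    memcpy(out, line + start, end - start);
    out[end - start] = '\0';
    return 250;
}

int main(void)
{
    char out[SMTP_MAX_PATH + 1], big[14 + 4096 + 2]; /* constructed input */
    memcpy(big, "MAIL FROM: me@", 14);
    memset(big + 14, 'A', sizeof big - 14);
    memcpy(big + sizeof big - 2, "\r\n", 2);
    printf("4 KB path -> %d\n", parse_mail_from(big, sizeof big, out, sizeof out));
    return 0;
}
```

The caller is assumed to pass the byte count actually read from the socket, so the length test does not depend on finding a terminator in attacker-supplied data.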