Bugtraq mailing list archives
Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
From: Vanja Hrustic <vanja () RELAYGROUP COM>
Date: Mon, 6 Nov 2000 17:11:46 +0700
On Mon, Nov 06, 2000 at 10:39:34AM +0800, CaptainBig wrote:
__________________________________________________________

          S.A.F.E.R. Security Bulletin 001103.EXP.1.9
__________________________________________________________

TITLE    : Buffer overflow in Lotus Domino SMTP Server
DATE     : November 03, 2000
NATURE   : Remote execution of code, Denial-of-Service
AFFECTED : Lotus Notes/Domino 5 (up to and including 5.04)

However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that the problem was already fixed in 5.04. See

http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/191a4daad1890947852569580069a59d?OpenDocument&Highlight=2,ENVID

and click on Mail Server - Router - SMTP

The SPR# is CDOY4GFP35

Are you sure 5.04 is affected? Or the technote is lying?

I can confirm that 5.04 is vulnerable since that was the version of Notes where the problem was initially found. It was an NT server running 5.04.

I have reinstalled Notes from scratch (on Linux) and updated it to 5.04. Here is the result:

[root@x tmp]# ./smtp.pl test 900

(this script just sends 900 bytes in ENVID field - nothing too interesting :)

220 test.example.com ESMTP Service (Lotus Domino Release 5.0.4) ready at Mon, 6 Nov 2000 16:57:53 +0700
250-test.example.com Hello ME ([192.168.xxx.xxx]), pleased to meet you
250-HELP
250-SIZE
250 PIPELINING

On Notes console, this appears:

11/06/2000 04:57:53 PM SMTP Server: 192.168.xxx.xxx connected
Thread=[01868:00004-03076]
PANIC: LookupHandle: handle out of range
Fatal Error signal = 0x0000000b PID/TID = 1868/3076
Freezing all server threads ...

So, yes, 5.04 is vulnerable (at least on Linux and NT).

I have then installed 5.04a patch.

11/06/2000 05:07:52 PM SMTP Server: 192.168.xxx.xxx connected
Thread=[02607:00004-03076]
PANIC: LookupHandle: handle out of range
Fatal Error signal = 0x0000000b PID/TID = 2607/3076
Freezing all server threads ...

In other words - upgrade to 5.05 :)

Hope this helps.

--
Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time
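
An added example, not part of the original post or the SAFER bulletin: a check that a filtering relay or a review of captured SMTP sessions could apply to MAIL FROM commands, flagging an ENVID value longer than the 100 characters RFC 3461 allows or one that is not valid xtext. The function names and the sample lines are constructed for illustration, and applying the limit to the value as it appears on the wire is an assumption of this example.

```python
import re

ENVID_MAX = 100  # longest ENVID value RFC 3461 allows
# xtext: printable ASCII other than "+" and "=", or "+" plus two upper-case hex digits
XTEXT = re.compile(r"(?:[!-*,-<>-~]|\+[0-9A-F]{2})*\Z")


def check_mail_command(line):
    """Return findings for one client command line; an empty list means clean."""
    cmd = line.rstrip("\r\n")
    if not cmd.upper().startswith("MAIL FROM:"):
        return []
    findings, seen = [], 0
    for token in cmd.split()[1:]:
        key, _, value = token.partition("=")
        if key.upper() != "ENVID":
            continue
        seen += 1
        if seen > 1:
            findings.append("duplicate ENVID parameter")
        if len(value) > ENVID_MAX:
            findings.append(f"ENVID length {len(value)} exceeds {ENVID_MAX}")
        if not value or not XTEXT.match(value):
            findings.append("ENVID is not valid xtext")
    return findings


def scan(lines):
    """Return (line_number, finding) pairs for a captured client-side session."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in check_mail_command(line)]


# Constructed sample input, not taken from the post.
SAMPLE = [
    "EHLO client.example.net\r\n",
    "MAIL FROM:<alice@example.com> SIZE=1024 ENVID=QQ314159\r\n",
    "MAIL FROM:<alice@example.com> ENVID=" + "A" * 900 + "\r\n",
    "MAIL FROM:<alice@example.com> ENVID=bad+zz\r\n",
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(f"line {lineno}: {finding}")
```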