[22335] in bugtraq
Lotus Domino DoS
daemon@ATHENA.MIT.EDU (Ian Gulliver)
Mon Aug 20 18:07:23 2001
Date: Mon, 20 Aug 2001 21:19:32 +0000
From: Ian Gulliver <ian@orbz.org>
To: bugtraq@securityfocus.com
Message-ID: <20010820211932.F23908@penguinhosting.net>

Problem:
--------
Some oddly formed mail envelopes can cause Lotus Domino to
enter a mail routing loop and consume 100% CPU.

Description:
------------
When a message is sent to a Lotus Domino server with an
envelope similar to:

    MAIL FROM:<bounce@[127.0.0.1]>
    RCPT TO:<address@domain.com>

where domain.com is not local to the server in question,
the server attempts to bounce the message, and the bounce
goes into a loop, constantly being sent back to the same
server.

Versions Affected:
------------------
Confirmed on Lotus Domino R4.63, R5.01, R5.05 and R5.08.

Solution:
---------
Shut down the mail server, delete the offending message
from the queue and restart the server. This won't stop the
exact same thing from happening again.

Notes:
------
I don't run Lotus Domino myself. I run the ORBZ project,
and this was reported to us because our scanner
generates this sort of envelope. Investigation of
versions and solutions provided by Matt Dearmon of CPA
Systems <matt@cpasystems.com>.

Ian Gulliver
ORBZ
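
Added example, not part of the original advisory and not Lotus or ORBZ code: a check that a relay or log reviewer could apply to MAIL FROM commands to flag envelope senders like the one described above, where a bounce would be addressed back to the receiving host. It generalizes from [127.0.0.1] to any loopback or unspecified address literal, including IPv6. The function names and sample lines are constructed for illustration, and screening at a relay in front of the server is an assumption rather than a fix from the advisory.

```python
import ipaddress
import re

# MAIL FROM:<reverse-path>; the null reverse-path <> is legal and is never bounced.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def literal_ip(domain):
    """Return the IP inside an address literal such as [127.0.0.1] or [IPv6:::1], else None."""
    if not (domain.startswith("[") and domain.endswith("]")):
        return None
    body = domain[1:-1]
    if body.lower().startswith("ipv6:"):
        body = body[5:]
    try:
        return ipaddress.ip_address(body)
    except ValueError:
        return None


def bounce_loop_risk(mail_from_line):
    """True when a bounce to this envelope sender would be delivered back to the local host."""
    m = _MAIL_FROM.match(mail_from_line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    path = m.group(1)
    if path == "":  # null sender: no bounce is generated
        return False
    domain = path.rsplit("@", 1)[-1]
    ip = literal_ip(domain)
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def flag_envelopes(lines):
    """Return the MAIL FROM lines whose sender domain is a self-referencing literal."""
    return [ln for ln in lines if bounce_loop_risk(ln)]


# Constructed sample input; only the first line's form comes from the advisory.
SAMPLE = [
    "MAIL FROM:<bounce@[127.0.0.1]>",
    "MAIL FROM:<user@example.org> SIZE=2048",
    "MAIL FROM:<>",
    "mail from:<probe@[IPv6:::1]>",
    "MAIL FROM:<relay@[192.0.2.10]>",
]

if __name__ == "__main__":
    for line in flag_envelopes(SAMPLE):
        print("reject or quarantine:", line)
```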