Bugtraq mailing list archives
Lotus Notes SMTP Server bug
From: adirajus () HOTMAIL COM (Siva Sankar Adiraju)
Date: Fri, 15 Jan 1999 00:52:53 PST
There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP session: helo a 250 notes.foo.com helo b 500 Session already established. The domain name [b] passed in with HELO will be ignored. The current domain name of sending SMTP is [a]. If the strings `a' and `b' are very long (2048 chars), the Notes SMTP server starts consuming CPU and crashes. A remote denial-of- service. No workaround is known to me. The bug exists with Notes on both Solaris and Windows platforms. PS: This is not related to the gethostbyname() bug in Solaris 2.5. -- Kapil Chowksey ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Re: Wiping out setuid programs, (continued)
- Re: Wiping out setuid programs Illuminatus Primus (Jan 06)
- Re: Wiping out setuid programs Thamer Al-Herbish (Jan 06)
- Checking for most recent Solaris Security Patches spamhater () GRYMOIRE COM (Jan 06)
- Re: Checking for most recent Solaris Security Patches Ronan Waide (Jan 07)
- NFR Version 2.0.2 Research Now Available Deborah A. Greenberg (Jan 07)
- Re: Checking for most recent Solaris Security Patches Paul Brunk (Jan 08)
- Re: Checking for most recent Solaris Security Patches John D Groenveld (Jan 08)
- Re: Checking for most recent Solaris Security Patches Jon Ross (Jan 12)
- Re: Checking for most recent Solaris Security Patches Linux Mailing Lists (Jan 13)
- Re: Checking for most recent Solaris Security Patches Jon Ross (Jan 15)
- Lotus Notes SMTP Server bug Siva Sankar Adiraju (Jan 15)
- Re: Checking for most recent Solaris Security Patches //Stany (Jan 15)
- Re: Anonymous Qmail Denial of Service Perry E. Metzger (Jan 08)
- White Paper Annoucement NSS FIST (Jan 09)
- Re: Anonymous Qmail Denial of Service Snob Art Genre (Jan 10)
- Buffer overflow in www.boutell.com cgic library Jon Ribbens (Jan 10)
- Sekure SDI Advisory: mSQL Remote Bug (fwd) Sekure SDI SSC (Jan 10)
- nmap udp scan kills Neware (ex-HDS) X-terminals. Andrew V. Kovalev (Jan 11)
- Re: nmap udp scan kills Neware (ex-HDS) X-terminals. Adam Shostack (Jan 12)
- Cisco Security Notice: Cisco IOS Syslog Crash security-alert () cisco com (Jan 11)