Security Incidents mailing list archives
Re: ORBZ shut down
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Wed, 20 Mar 2002 16:53:06 -0700
On Wed, Mar 20, 2002 at 12:19:04PM -0500, jlewis () lewis org wrote:
On Wed, 20 Mar 2002, David Ulevitch wrote:I'm sending this forward to incidents for two reasons. 1) The reason ORBZ appears to have been shut down is because of the problem with Lotus Domino servers crashing/hanging when receiving bounces with null envelope senders.(check archives for exact issue)Does anyone have a complete list of any other from addresses/formats that will cause load issues on Domino. I know from Ian's bugtraq post that anything@[127.0.0.1] will do it. What about anything@localhost, anything@[servers-IP], etc.? Has Lotus fixed this in any Domino release, or are they all brain damaged.
[SNIP] There was an article in the Register today about the original posting yesterday. http://www.theregister.co.uk/content/6/24507.html In the story's update section they list this URL: http://www.notes.net/r5fixlist.nsf/6d4eae9850a5c2c28525690400551b57/70113c65e6d726e385256ad50073a906?OpenDocument I don't have a Domino server to play with so I can't confirm, but it appears they have (from what you and the Register say). ---------------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) http://pages.cpsc.ucalgary.ca/~arlt/ Computer Science ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ORBZ shut down David Ulevitch (Mar 20)
- Re: ORBZ shut down jlewis (Mar 20)
- Re: ORBZ shut down Brad Arlt (Mar 20)
- Re: ORBZ shut down jlewis (Mar 20)