Security Incidents mailing list archives

Re: ORBZ shut down


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Wed, 20 Mar 2002 16:53:06 -0700

On Wed, Mar 20, 2002 at 12:19:04PM -0500, jlewis () lewis org wrote:
On Wed, 20 Mar 2002, David Ulevitch wrote:

  I'm sending this forward to incidents for two reasons.

  1) The reason ORBZ appears to have been shut down is because of the
  problem with Lotus Domino servers crashing/hanging when receiving
  bounces with null envelope senders. (Check archives for exact issue.)


Does anyone have a complete list of any other from addresses/formats that
will cause load issues on Domino?  I know from Ian's bugtraq post that
anything@[127.0.0.1] will do it.  What about anything@localhost,
anything@[servers-IP], etc.?  Has Lotus fixed this in any Domino release,
or are they all brain damaged?
[SNIP]

There was an article in the Register today about the original posting
yesterday.  http://www.theregister.co.uk/content/6/24507.html

In the story's update section they list this URL:

http://www.notes.net/r5fixlist.nsf/6d4eae9850a5c2c28525690400551b57/70113c65e6d726e385256ad50073a906?OpenDocument

I don't have a Domino server to play with so I can't confirm, but it
appears they have (from what you and the Register say).

----------------------------------------------------------------------------
   __o          Bradley Arlt                            Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                        University Of Calgary
(_)/(_)         http://pages.cpsc.ucalgary.ca/~arlt/    Computer Science


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

