Unchecked Buffer in Lotus Domino 5

 
Reported May 18 by Michal Zalewski

VERSIONS AFFECTED
Lotus Domino Server 5.0.1

DESCRIPTION

Lotus Domino Server 5.0.1 has an unchecked buffer that could allow arbitrary code to run on the server. During an SMTP mail session, the client must send a MAIL FROM command to tell the server who the mail is from. Appending four kilobytes of characters to the end of the email address in the MAIL FROM command can crash the server.

DEMONSTRATION

Server: 220 *SNIP* Lotus Domino Release 5.0.1

Client: HELO dood

Server: 250 OK

Client: MAIL FROM: [email protected]<four-kilobytes-of-junk>
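
The length checks whose absence the description above points to, as an added example (not Lotus code and not part of the original advisory). The function name `parse_mail_from`, the status codes and the sample address are assumptions; the limits are the RFC 5321 command-line and path maxima.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_LINE_MAX 512 /* RFC 5321 4.5.3.1.4: command line incl. CRLF */
#define SMTP_PATH_MAX 256 /* RFC 5321 4.5.3.1.3: path incl. punctuation  */

enum mf_status { MF_OK = 0, MF_SYNTAX = -1, MF_TOO_LONG = -2 };

/* Hypothetical helper (not Domino code): copy the reverse-path of one
 * MAIL FROM line into out. line_len is the byte count actually received;
 * every length is checked before a single byte is copied. */
enum mf_status parse_mail_from(const char *line, size_t line_len,
                               char *out, size_t outsz)
{
    static const char verb[] = "MAIL FROM:";
    size_t vlen = sizeof verb - 1, i, start, end, plen;

    if (outsz == 0) return MF_SYNTAX;
    out[0] = '\0';
    if (line_len > SMTP_LINE_MAX) return MF_TOO_LONG;
    if (line_len < vlen) return MF_SYNTAX;
    for (i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return MF_SYNTAX;

    start = vlen;
    while (start < line_len && line[start] == ' ') start++;
    end = start;
    /* Path ends at a space (ESMTP parameters follow) or at CR/LF. */
    while (end < line_len && line[end] != ' ' &&
           line[end] != '\r' && line[end] != '\n') end++;
    plen = end - start;
    if (plen == 0) return MF_SYNTAX;
    if (plen > SMTP_PATH_MAX || plen >= outsz) return MF_TOO_LONG;
    memcpy(out, line + start, plen);
    out[plen] = '\0';
    return MF_OK;
}

int main(void)
{
    char big[5000], out[SMTP_PATH_MAX + 1];
    /* Constructed input: a sender address followed by 4 KB of filler. */
    int n = snprintf(big, sizeof big, "MAIL FROM:<user@example.test>");
    memset(big + n, 'A', 4096);
    printf("oversized: %d\n", parse_mail_from(big, (size_t)n + 4096, out, sizeof out));
    printf("normal:    %d\n", parse_mail_from(big, (size_t)n, out, sizeof out));
    return 0;
}
```

A server using a check like this would answer the oversized command with an SMTP error reply and keep the session state intact instead of copying the argument.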

VENDOR RESPONSE

The vendor is aware of this matter; however, no response was known at the time of this writing.

CREDITS
Discovered and reported by Michal Zalewski
