5151995 2000-06-01 07:58 /68 lines/ Postmaster
Recipient: Bugtraq (import) <11072>
Subject: Re: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
X-Sender: visi@unix49.andrew.cmu.edu
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.3.96L.1000531101619.26720C-100000@unix49.andrew.cmu.edu>
Date: Wed, 31 May 2000 10:39:58 -0400
Reply-To: Cory Visi <visi@CMU.EDU>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Cory Visi <visi@CMU.EDU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0005182111120.8955-100000@dione.ids.pl>

This bug has been fixed in Domino 5.04. This version of Domino is not
available yet (not even by QMR update). Customers can request a hotfix if
needed.

Here's a little info about Lotus and how they treat stuff like this. As far
as I can tell they don't have anyone reading BugTraq. It has been 7 business
days since I reported the problem to Lotus Technical Support and they have
not gotten back to me. In the event of future problems, they told me to
contact Lotus Technical Support (I assume they mean by phone). The
information I reported regarding the bug came from Iris.

.-. ,~~-. .-~~-. ~._'_.' \_ \ / `~~- | `~- \ / `.__.-'ory \/isi

On Thu, 18 May 2000, Michal Zalewski wrote:

-=(>Not much to say. While performing basic input validation checks in Lotus
-=(>Domino ESMTP service (see subject) running on the top of Windows NT system
-=(>(this applies probably to other platforms as well), within approximately
-=(>30 seconds we found remote buffer overflow leading to system crash (and,
-=(>if exploited, to remote system compromise). Sometimes I don't believe this
-=(>is so simple! I could imagine that voluntary wu-ftpd developers missed
-=(>some buffer-length checks while constructing process title - but when I
-=(>look at such hole in product developed by major company employing security
-=(>specialists, I ask myself is this intentional?:) Just kidding, but with
-=(>whole respect - I believe anyone looking at the source code could simply
-=(>SEE such buffer overflow - just like in Novell remote http administration
-=(>bug I reported three weeks ago. Hey, but stop, I'm not going to give
-=(>offence to these corporations, sorry. Now, facts:
-=(>
-=(>220 *SNIP* Lotus Domino Release 5.0.1 (Intl) *SNIP*
-=(>HELO dood
-=(>250 *SNIP*
-=(>MAIL FROM: me@<four-kilobytes-of-junk>
-=(>(crash)
-=(>
-=(>
-=(>Btw. just to make it clear, I've got confirmation from Novell about http
-=(>administration remote buffer overflow. Also, they said upgraded modules
-=(>are available from their download area, and asked me to notify BQ readers.
-=(>
-=(>Above statements are my own opinions and observations _only_. Standard
-=(>disclaimer applies.
-=(>
-=(>_______________________________________________________
-=(>Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
-=(>[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
-=(>=-----=> God is real, unless declared integer. <=-----=
-=(>
(5151995) ------------------------------------------(Rewrapped)
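
An added example, not part of the posts above and not Lotus code: the kind of length check on a `MAIL FROM` argument whose absence the quoted report describes, written as a parser that refuses overlong input before copying anything. The function name, the reply-code choices and the use of the RFC 5321 size limits (512-octet command line, 256-octet path) are assumptions of this example; the sample input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_LINE 512 /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define SMTP_MAX_PATH 256 /* RFC 5321 4.5.3.1.3: path, angle brackets included */

/* Hypothetical helper (not Domino code). `line` holds line_len octets with the
 * CRLF already stripped. Returns the SMTP reply code to send; on 250 the
 * address without its angle brackets is in `out`, otherwise `out` is empty. */
int parse_mail_from(const char *line, size_t line_len, char *out, size_t out_size)
{
    static const char verb[] = "MAIL FROM:";
    const size_t verb_len = sizeof verb - 1;
    const char *p, *end, *close;
    size_t i, path_len, addr_len;

    if (out_size == 0) return 451;
    out[0] = '\0';
    /* Reject on length first, before any parsing or copying. */
    if (line_len > SMTP_MAX_LINE - 2) return 500;           /* line too long */
    if (line_len < verb_len) return 500;
    for (i = 0; i < verb_len; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;

    p = line + verb_len;
    end = line + line_len;
    while (p < end && *p == ' ') p++;                       /* "MAIL FROM: <x>" */
    if (p == end || *p != '<') return 501;
    close = memchr(p, '>', (size_t)(end - p));
    if (close == NULL) return 501;

    path_len = (size_t)(close - p) + 1;                     /* counts < and > */
    if (path_len > SMTP_MAX_PATH) return 501;               /* path too long */
    addr_len = path_len - 2;
    if (addr_len >= out_size) return 451;                   /* caller buffer too small */
    if (memchr(p + 1, '\0', addr_len) != NULL) return 501;  /* embedded NUL */
    memcpy(out, p + 1, addr_len);                           /* length proven above */
    out[addr_len] = '\0';
    return 250;
}

int main(void)
{
    char out[SMTP_MAX_PATH], junk[14 + 4096];               /* constructed input */
    memcpy(junk, "MAIL FROM: me@", 14);
    memset(junk + 14, 'A', 4096);
    printf("%d\n", parse_mail_from(junk, sizeof junk, out, sizeof out));
    return 0;
}
```

Anything after the closing `>` (ESMTP parameters such as `SIZE=`) is ignored here; a real server would parse those under the same line-length bound.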