lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 23 Jul 2004 20:34:46 +0200 (CEST)
From: Andreas Klein <Andreas.C.Klein@...sik.uni-wuerzburg.de>
To: bugtraq@...urityfocus.com
Subject: Re: DoS against Domino 6.5.1



Hello,

IBM changed his mind and a hotfix that solves the problem is available.
After installing the fix the server does not crash anymore when opening 
a message formatted as described below.
Accessing the mail with IE on Windows leads to a browser hang. You have to 
terminate the browser with the task-manager, but I think this is not a big 
problem, since the server keeps on running and you can access all other 
mails in you box and the problem normally occurs only when opening 
malformatted mails.

-- original problem report --

On Wed, 30 Jun 2004, Andreas Klein wrote:

> 
> Hello,
> 
> this problem has been reported to IBM Lotus customer support
> (PMR 37321,999,724) on Feb 16, 2004 and was reproduced by them.
> 
> Affected versions:
> Domino 6.5.1 and newer on Linux (other platforms not tested by me, but 
> Domino 6.5.1 on Windows has been found to be vulnerable too by IBM 
> support)
> 
> 
> Abstract:
> Opening certain mails via Domino Web Access leads to a crash of the whole 
> Domino-server.
> 
> 
> Detailed description:
> Open your favourite mail-program (eg. pine) and write a message to a
> person reading his mail via Domino Web Access (formerly known as 
> iNotes) with the following message content:
> (just paste all the lines below into the body of the mail)
> 
> --- snip here; do not paste this line --
> Content-Disposition: Attachment; filename="PC210017.JPG"
> Content-Type: image/jpeg;
>  Name="PC210017.JPG"
> Content-Transfer-Encoding: Base64
> 
> /9j/4Re0RXhpZgAASUkqAAgAAAALAA4BAgAgAAAAkgAAAA8BAgAYAAAAsgAAABABAgAMAAAA
> ygAAABIBAwABAAAAAQAAABoBBQABAAAA2AAAABsBBQABAAAA4AAAACgBAwABAAAAAgAAADEB
> AgAJAAAA6AAAADIBAgAUAAAACAEAABMCAwABAAAAAgAAAGmHBAABAAAAHAEAAAADAABPTFlN
> [Add here some megabytes of data. 1kB is not enough, but 12MB was 
> sufficient in all my tests]
> --- snip here; do not pste this line ---
> 
> As soon as the recipient opens the mail in Domino Web Access, the whole
> Domino server will go down.
> 
> Solution:
> There is no solution provided by IBM and they are not planning to fix the 
> problem. The proposed workaround is to limit the maximum message-size or 
> to disable the web-access.
> 


-- Andreas Klein
   asklein@....physik.uni-wuerzburg.de
   root / webmaster @cip.physik.uni-wuerzburg.de
   root / webmaster @www.physik.uni-wuerzburg.de
_____________________________________
|                                   | 
|   Long live our gracious AMIGA!   |
|___________________________________|

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ