COMMAND

    Lotus Notes

SYSTEMS AFFECTED

    Lotus Domino Release 5.0.2abc (Intl) ESMTP Service on OS/2 Warp 4.5

PROBLEM

    Erik  Damsgaard  found  following  (VIGILANTE-2000011).    Earlier
    versions of the  ESMTP service can  be vulnerable.   ESMTP service
    on other operating  systems can be  vulnerable as well.   This has
    not been tested.

    When opening  a connection  to the  SMTP service  and filling  the
    arguments to the following commands:

        "rcpt to"
        "saml from"
        "soml from"

    with a buffer of size 4096 chars the service will crash.  This  is
    similar  to  the   "mail  from"  denial-of-service   vulnerability
    reported previous.  The service  will also crash when the  command
    "mail from" receives an argument on a size of 4096 chars but  that
    is a known vulnerability.

SOLUTION

    Lotus Denmark was contacted  on the 11th of  August.  The 29th  of
    August eRIK  received notification  regarding a  fix.   Fix (quote
    from the vendor):

    - 5/25/00 fix smtp crash with long mail from. (SPR WAT4KKHUR)  Fix
      is based on build v504_05192000
    - 6/19/00 More denial of service attack fixes (SPR JSHY4HEV9B) Fix
      is based on build v505_05312000

    Fix  SPR  JSHY4HEV9B  should  be  available  in  the  beginning of
    September.   Please  contact  Lotus  support  for  information  on
    location on SPR JSHY4HEV9B.