COMMAND

    Lotus Notes SMTP Server

SYSTEMS AFFECTED

    Systems using Lotus Notes

PROBLEM

    Kapil Chowksey found following.  There is a security bug in  IBM's
    Lotus Notes SMTP server. eg. An SMTP session:

        helo a
        250 notes.foo.com
        helo b
        500 Session already established. The domain name [b] passed in with HELO
        will be ignored. The current domain name of sending SMTP is [a].

    If the strings `a' and `b'  are very long (2048 chars), the  Notes
    SMTP server starts consuming CPU and crashes.  A remote denial-of-
    service.   The bug exists  with Notes on both Solaris and  Windows
    platforms.

SOLUTION

    No workaround known.