Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00


                                            `Date: Fri, 15 Jan 1999 00:52:53 PST  
From: Siva Sankar Adiraju <adirajus@HOTMAIL.COM>  
To: BUGTRAQ@netspace.org  
Subject: Lotus Notes SMTP Server bug  
There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP  
helo a  
250 notes.foo.com  
helo b  
500 Session already established. The domain name [b] passed in with HELO  
will be ignored. The current domain name of sending SMTP is [a].  
If the strings `a' and `b' are very long (2048 chars), the Notes  
SMTP server starts consuming CPU and crashes. A remote denial-of-  
service. No workaround is known to me.  
The bug exists with Notes on both Solaris and Windows platforms.  
PS: This is not related to the gethostbyname() bug in Solaris 2.5.  
Kapil Chowksey