Reporter Packet Storm
`Date: Fri, 15 Jan 1999 00:52:53 PST
From: Siva Sankar Adiraju <adirajus@HOTMAIL.COM>
Subject: Lotus Notes SMTP Server bug
There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP
500 Session already established. The domain name [b] passed in with HELO
will be ignored. The current domain name of sending SMTP is [a].
If the strings `a' and `b' are very long (2048 chars), the Notes
SMTP server starts consuming CPU and crashes. A remote denial-of-
service. No workaround is known to me.
The bug exists with Notes on both Solaris and Windows platforms.
PS: This is not related to the gethostbyname() bug in Solaris 2.5.