[NEWS] Lotus Domino DoS (Message Loop)
From: support@securiteam.com
Date: 08/30/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] Lotus Domino DoS (Message Loop)
Message-Id: <20010830182800.D3F63138BF@mail.der-keiler.de>
Date: Thu, 30 Aug 2001 20:28:00 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Lotus Domino DoS (Message Loop)
------------------------------------------------------------------------
SUMMARY
Some oddly formed mail envelopes can cause Lotus Domino to enter a mail
routing loop and consume 100% CPU.
DETAILS
Vulnerable systems:
Lotus Domino R4.63, R5.01, R5.05 and R5.08
When a message is sent to a Lotus Domino server with an envelope similar
to:
MAIL FROM:<bounce@[127.0.0.1]>
RCPT TO:<address@domain.com>
Where domain.com is not local to the server in question, the server
attempts to bounce the message and the bounce goes into a loop, constantly
being sent back to the same server.
Workaround:
Shut down the mail server, delete the offending message from the queue, and
restart the server. This will not stop the exact same thing from happening
again.
Solution:
Open Domino Administrator and connect to your Domino server.
Click on the "Configuration" tab, then in the left pane expand the
"Messaging" submenu and select "Configurations". In the right panel, select
your server to open its configuration panel.
You will now be presented with a new window named "Configuration for
server/DOMAIN".
There is a row of tabs at the top; select "Router/SMTP". You will be
presented with more tabs. Select the "Restrictions and Controls" tab to get
even more tabs.
What you need is "SMTP Inbound Controls". There is a field under the
section "Inbound Sender Controls" named "Deny messages from the following
internet address/domains". Put the IP address in that field, enclosed in
brackets - [127.0.0.1]. Note that you can put more than one IP address
there (i.e. your localhost and your real IP), but each must be enclosed in
its own brackets.
This workaround can save you from DoS attacks; you can even use it in the
middle of an attack to stop it. If you are already under attack and the
message is bouncing around, you do not need to shut down the entire server;
just stop mail services, delete the message from the queue, and start
services again.
Note: This workaround has been tested only for the reported vulnerability.
It should not break anything, but be careful implementing it if your Domino
server is not the main/only mail service at your location. If you
encounter a problem, you can fix it easily by removing the value from the
field.
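The deny rule above amounts to rejecting any envelope sender whose address literal is the receiving server itself. As an added example (not part of the original advisory and not Lotus code), this Python check flags such senders in a constructed list of SMTP commands. It generalizes from 127.0.0.1 to any loopback address and to a caller-supplied list of the server's own IPs; 192.0.2.10 is a placeholder for "your real IP".

```python
import ipaddress
import re

# Matches an SMTP envelope sender whose domain part is an address literal,
# e.g. MAIL FROM:<bounce@[127.0.0.1]> or <x@[IPv6:::1]> (RFC 5321 syntax).
MAIL_FROM_LITERAL = re.compile(
    r"MAIL\s+FROM:\s*<[^<>@\s]*@\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]>", re.IGNORECASE
)

def sender_literal(line):
    """Return the sender's address literal as an ip_address, or None."""
    m = MAIL_FROM_LITERAL.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # bracketed text that is not a valid IP address

def points_at_self(line, own_addresses):
    """True if a bounce to this sender would be delivered back to this server."""
    ip = sender_literal(line)
    if ip is None:
        return False
    own = {ipaddress.ip_address(a) for a in own_addresses}
    return ip.is_loopback or ip in own

def flag_session_log(lines, own_addresses):
    """Return (line_number, line) for every envelope sender pointing at self."""
    return [(n, l.strip()) for n, l in enumerate(lines, 1)
            if points_at_self(l, own_addresses)]

# Constructed sample of inbound SMTP commands; 192.0.2.10 stands in for the
# server's real IP (documentation range), not a value from the advisory.
SAMPLE_LOG = [
    "MAIL FROM:<alice@example.org>",
    "MAIL FROM:<bounce@[127.0.0.1]>",
    "RCPT TO:<address@domain.com>",
    "mail from:<x@[192.0.2.10]>",
    "MAIL FROM:<y@[198.51.100.7]>",
    "MAIL FROM:<z@[IPv6:::1]>",
    "MAIL FROM:<bad@[999.1.1.1]>",
]

if __name__ == "__main__":
    for n, l in flag_session_log(SAMPLE_LOG, ["192.0.2.10"]):
        print(f"line {n}: sender address literal is this server: {l}")
```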
ADDITIONAL INFORMATION
The information has been provided by Ian Gulliver <ian@orbz.org> and
Radoslav Dejanovic <radoslav.dejanovic@zagreb.hr>.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.