Re: ORBZ shut down

From: Brad Arlt (arlt@cpsc.ucalgary.ca)
Date: 03/21/02 

Date: Wed, 20 Mar 2002 16:53:06 -0700
From: Brad Arlt <arlt@cpsc.ucalgary.ca>
To: incidents@securityfocus.com

On Wed, Mar 20, 2002 at 12:19:04PM -0500, jlewis@lewis.org wrote:
> On Wed, 20 Mar 2002, David Ulevitch wrote:
>
> > I'm sending this forward to incidents for two reasons.
> >
> > 1) The reason ORBZ appears to have been shut down is because of the
> > problem with Lotus Domino servers crashing/hanging when receiving
> > bounces with null envelope senders.(check archives for exact issue)
> >
>
> Does anyone have a complete list of any other from addresses/formats that
> will cause load issues on Domino. I know from Ian's bugtraq post that
> anything@[127.0.0.1] will do it. What about anything@localhost,
> anything@[servers-IP], etc.? Has Lotus fixed this in any Domino release,
> or are they all brain damaged.
[SNIP]

There was an article in the Register today about the original posting
yesterday. http://www.theregister.co.uk/content/6/24507.html

In the story's update section they list this URL:

http://www.notes.net/r5fixlist.nsf/6d4eae9850a5c2c28525690400551b57/70113c65e6d726e385256ad50073a906?OpenDocument

I don't have a Domino server to play with so I can't confirm, but it
appears they have (from what you and the Register say).

----------------------------------------------------------------------------
   __o Bradley Arlt Security Team Lead
 _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) http://pages.cpsc.ucalgary.ca/~arlt/ Computer Science

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com