(A Workaround is Described) Re: Lotus Domino Mail Server Can Be Made to Consume 100% of CPU Resources By Remote Users
SecurityTracker Alert ID: 1002241
SecurityTracker URL: http://securitytracker.com/id/1002241
CVE Reference: GENERIC-MAP-NOMATCH
Date: Aug 23 2001
Impact: Denial of service via network
Fix Available: Yes
Version(s): R4.63, R5.01, R5.05 and R5.08; possibly others
Description:
A mail processing vulnerability was reported in Lotus Domino. A remote user can craft a special SMTP message that triggers an endless processing loop, consuming all CPU resources on the mail server.
A remote user can send the following type of SMTP message to a Lotus Domino server, where domain.com is a non-local domain, causing the mail server to bounce the message to the local interface (i.e., to itself):
MAIL FROM:<bounce@[127.0.0.1]>
RCPT TO:<address@domain.com>
It is reported that shutting down the mail server, deleting the offending message from the mail queue, and restarting the server will correct the condition.
Impact:
A remote user can send a special SMTP message that causes the mail server to bounce the message to itself, resulting in an endless processing loop and 100% CPU utilization.
Solution:
A user describes a workaround that can block the offending inbound e-mail. The solution requires configuring the "Inbound Sender Controls" setting in the "SMTP Inbound Controls" menu to "Deny messages from the following internet address/domains". For complete directions, see the Source Message.
Vendor URL: www.lotus.com
Cause:
State error
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Thu, 23 Aug 2001 09:31:37 +0200
Subject: Lotus Domino DoS solution
> where domain.com is not local to the server in question,
> the server attempts to bounce the message, and the bounce
> goes into a loop, constantly being sent back to the same
> server.
There is "Solution v1.0pl1" for this.

Open Domino Administrator and connect to your Domino server. Click on the "Configuration" tab, then on the left pane expand "Messaging" submenu, select "Configurations". On the right pane select your server to open its configuration panel.

Now, you'll be presented with a new window named "Configuration for server/DOMAIN". There's a row of tabs on the top; select "Router/SMTP". You'll be presented with more tabs. Select "Restrictions and Controls" tab to get even more tabs. :-)

What you need is "SMTP Inbound Controls". There's a field under the section "Inbound Sender Controls" named "Deny messages from the following internet address/domains". Put the IP in that address, enclosed in brackets - [127.0.0.1]. Note that you can put more than one IP address there (i.e. your localhost and your real IP), but each must be enclosed in its own brackets.

This is the slight change from my previous post (rejected anyway :-) - I made a mistake by selecting "Inbound Connection Controls" instead, which doesn't check for sender's e-mail (what is really needed here, since From: field generates trouble, not the inbound connection; credit for the fix goes to pero.vukojevic@hal.hr).

We tested this, and it rejects inbound connection made from address user@[127.0.0.1] with the nice message in the log:

    22.08.2001 17:10:32 SMTP Server: 10.11.8.110 connected
    22.08.2001 17:10:32 SMTP Server [0624:0004-0200] Mail from bounce@[127.0.0.1] rejected for policy reasons. Sender is denied in your configuration.

This workaround can save you from DoS attacks (I've been told of at least one such attack recently on local Domino servers here); you can even use it in the middle of an attack to stop it.

If you're already attacked and the message bounces around, you don't need to shut down the entire server, just stop mail services, delete the message from the queue and start services again.

Note: this workaround is tested just for the reported vulnerability. This shouldn't break anything, but be careful implementing this if your Domino server is not the main/only mail service at your location. If you encounter a problem, you can fix it easily by removing the value from the field, but in any case Microsoft-like EULA is applied to this message. ;-)
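
The sender check this workaround relies on, as an added example (not part of the original advisory or message, and not Domino's code): it flags SMTP envelope senders whose domain is an address literal pointing at loopback or at one of the server's own addresses. The function names, the 192.0.2.25 server address and the sample envelope lines are constructed for illustration; covering the whole loopback range and IPv6 literals goes beyond the single [127.0.0.1] case in the text.

```python
import ipaddress
import re

# Envelope sender as it appears in an SMTP "MAIL FROM:<path>" command.
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<(?P<path>[^>]*)>", re.IGNORECASE)


def sender_literal(mail_from_line):
    """Return the IP address of an address-literal sender domain, else None."""
    m = MAIL_FROM_RE.match(mail_from_line.strip())
    if not m or "@" not in m.group("path"):
        return None  # not a MAIL FROM command, or the null sender <>
    domain = m.group("path").rsplit("@", 1)[1]
    if not (domain.startswith("[") and domain.endswith("]")):
        return None  # ordinary domain name, not an address literal
    literal = domain[1:-1]
    if literal.lower().startswith("ipv6:"):
        literal = literal[5:]  # RFC 5321 tags IPv6 literals as [IPv6:...]
    try:
        return ipaddress.ip_address(literal)
    except ValueError:
        return None  # malformed literal; leave it to the MTA's syntax checks


def should_deny(mail_from_line, local_ips):
    """True if a bounce to this sender would be delivered back to this server."""
    ip = sender_literal(mail_from_line)
    if ip is None:
        return False
    own = {ipaddress.ip_address(a) for a in local_ips}
    return ip.is_loopback or ip in own


# Constructed sample input: 192.0.2.25 stands in for the server's real IP.
LOCAL_IPS = ["192.0.2.25"]
SAMPLE_ENVELOPES = [
    "MAIL FROM:<bounce@[127.0.0.1]>",   # the sender from the advisory
    "MAIL FROM:<bounce@[192.0.2.25]>",  # literal naming the server's own IP
    "mail from:<bounce@[IPv6:::1]>",    # IPv6 loopback literal
    "MAIL FROM:<alice@example.org>",    # ordinary sender
    "MAIL FROM:<>",                     # null sender used by real bounces
]

if __name__ == "__main__":
    for line in SAMPLE_ENVELOPES:
        verdict = "DENY " if should_deny(line, LOCAL_IPS) else "allow"
        print(verdict, line)
```

The null sender and ordinary domain names pass through untouched, so legitimate bounces and normal mail are not affected by this check.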