Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Email that can bring down Notes client

Status
Not open for further replies.
deros68

deros68

Programmer
Oct 28, 2005
12
US
I hope this is the right forum - if I need to send this elsewhere - someone please tell me what forum to use.

I have developed 5 different emails that can bring down a Notes client. I want to work with a technical person from another company to verify that these emails (with proper safety precautions) can DOS another instance of a Notes client (ie: not our shop's version) We run Notes 6.5.1 server and 6.5.3 client. My plan to is take these emails to Lotus/IBM and CERT after having proving that these emails work in at least 2 different environments. What I am trying to prove here is that our particular Notes instance, it's setup and defaults, is not responsible for the client DOS - the problem lies in the Notes bounds checking.

thanks
 
Sort by date Sort by votes
I find your case interesting.
Just one question : in the database properties of the mail client, does the option "Allow use of stored forms" make any difference to your emails if it is unchecked ?

Pascal.
 
Upvote 0 Downvote
No - the 5 different emails have no Notes specific content in them. I have simply used the ability of Notes to accept email from port 25 (in other words from the Internet) and not check the size, number, or format of five different RFC822 defined fields. I want to be sure that it is not our instance of Notes that is vulnerable - though some ill-advised setting. I am looking to correspond with another Notes shop and verify that their Notes clients will/will not be DOSsed by my DOS attack emails. Again - my attack emails are only ascii text - not created or sent by another Notes instance. For example - my emails could be sent from any RFC822 compliant SMTP server (Pine, MS Exchange, Eudora, sendmail etc..) to the receiving Notes system.

thanks
 
Upvote 0 Downvote
I suggest sending this to IBM ASAP. Even if it is particular to your Notes instance, you waould want to fix it.



BocaBurger
<===========================||////////////////|0
The pen is mightier than the sword, but the sword hurts more!
 
Upvote 0 Downvote
Ok - finally got to an IBMer who listened, let me send them an email that crashed their client on previewing the email - IBM is now fixing it. Along with the other 5 DOS attacks that I passed along. The mills of the gods grind slowly - so do the mills of IBM!!!!
 
Upvote 0 Downvote
Congratulations, and thank you for helping make Notes a better client.

Pascal.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

garion42
  • Locked
  • Question
&quot;Double&quot; attachments appearing in Lotus Notes email
Replies
3
Views
3K
pmonett
pmonett
MarcLefe
  • Locked
  • Question
IBM Lotus Notes 9 Attaching a microsoft doc (word/excel) to an email
Replies
1
Views
3K
pmonett
pmonett
MarcLefe
  • Locked
  • Question
Hyper Linking a Microsoft Doc to Lotus Notes 1
Replies
1
Views
3K
pmonett
pmonett
uslemond
  • Locked
  • Question
Re-routing email destined for an external domain to an internal address
Replies
1
Views
4K
pmonett
pmonett
Baltic00
  • Locked
  • Question
Lotus Notes Replication and Sync issue
Replies
2
Views
3K
Baltic00
Baltic00

Part and Inventory Search

Sponsor

Back
Top