Internet Security Systems

SMTP ENVID overflow

advICE : Intrusions : 2001030
Summary

A buffer overflow attack may have been attempted against the SMTP service.

Details

Newer versions of SMTP support extensions for "Delivery Status Notifications" (DSN). These allow users to get more detailed diagnostic information about why their e-mail could not be delivered.

The Lotus Domino e-mail server (and possibly others) contains a buffer-overflow vulnerability in its handling of the ENVID parameter. This vulnerability can be used to crash the server or run arbitrary code on the server.

Trigger

This alert triggers when an ENVID field longer than 100 characters has been seen.
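The trigger condition can be reproduced over captured client-to-server SMTP command lines. The following is an added example, not the ISS sensor's own code; the function names, the sample lines, and the assumption that the input is already reassembled into one command per line are illustrative. It reports the same two values listed under the parametric information (len and envid).

```python
import re

ENVID_LIMIT = 100  # threshold from the Trigger section of this advisory

# MAIL FROM:<reverse-path> followed by space-separated ESMTP parameters (RFC 1891)
MAIL_RE = re.compile(r"^\s*MAIL\s+FROM:\s*(<[^>]*>|\S+)(.*)$", re.IGNORECASE)
ENVID_RE = re.compile(r"(?:^|\s)ENVID=(\S*)", re.IGNORECASE)


def check_envid(line, limit=ENVID_LIMIT):
    """Return {'len': ..., 'envid': ...} if the line is a MAIL command whose
    ENVID value (as sent on the wire) exceeds the limit, otherwise None."""
    m = MAIL_RE.match(line.rstrip("\r\n"))
    if not m:
        return None  # not a MAIL command; ENVID= elsewhere is ignored
    p = ENVID_RE.search(m.group(2))
    if not p:
        return None  # MAIL command without an ENVID parameter
    envid = p.group(1)
    if len(envid) <= limit:
        return None
    return {"len": len(envid), "envid": envid}


def scan(lines, limit=ENVID_LIMIT):
    """Return a list of (line_number, alert) for every oversized ENVID."""
    alerts = []
    for n, line in enumerate(lines, 1):
        alert = check_envid(line, limit)
        if alert:
            alerts.append((n, alert))
    return alerts


# Constructed client-side SMTP commands (not from a real capture).
SAMPLE = [
    "EHLO client.example\r\n",
    "MAIL FROM:<alice@example.org> RET=HDRS ENVID=QQ314159\r\n",
    "RCPT TO:<bob@example.com> NOTIFY=FAILURE\r\n",
    "mail from:<x@example.org> envid=" + "A" * 300 + " RET=FULL\r\n",
    "MAIL FROM:<y@example.org> ENVID=" + "B" * 100 + "\r\n",
]

if __name__ == "__main__":
    for n, a in scan(SAMPLE):
        print(f"line {n}: ENVID len={a['len']} value={a['envid'][:16]}...")
```

SMTP command verbs and parameter keywords are case-insensitive, so the match ignores case; a value of exactly 100 characters does not alert.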

More information

BugtraqID: 1905   Lotus Domino SMTP Server ENVID Buffer Overflow and DoS Vulnerability

RFC 1891   SMTP Service Extension for Delivery Status Notifications
 

Parametric information

len: Length of the ENVID field
envid: Value of the ENVID field

 
Version appeared: 2.5 
