Notes/Domino Fix List

SPR # KMES5YA2Q8 | Fixed in 6.0.5 release | Security fix | Regression in 6.5

  Product Area: IBM Lotus iNotes
  Technical Area: Mail
  Platform: Cross Platform
  Lotus Customer Support APAR: LO06260
 
  SPR# KMES5YA2Q8 - Fixed a potential denial of service.  This regression was introduced in 6.5.  See technote# 1173969 for more details.
 
  Technote Number:  1173969
 
  Problem:
 This issue was reported to Lotus Quality Engineering as SPR # KMES5YA2Q8 and
 the issue has been addressed in Domino Web Access 6.5.3.  IBM Lotus also plans
 to address this in an upcoming maintenance release of 6.0.x.
 
 Excerpt from the Lotus Notes and Domino Release 6.5.3 MR fix list (available at
 http://www.ibm.com/developerworks/lotus):
 
 Mail
 SPR# KMES5YA2Q8 - Fixed a potential denial of service. This regression was
 introduced in 6.5. See technote# 1173969 for more details.
 
 The following workaround can be used to prevent this issue from occurring:
 
 In the Router/SMTP tab of the Server Configuration document, switch to the
 Restrictions and Controls tab and under Restrictions, set the Maximum Message
 Size to less than 12 MB.  For example:
 
 
 Maximum message size:
 11000 KB
 
 In this example, messages over 11000 KB (11 MB) will be prevented from being
 placed in the Mail.box on your server.
 
 
 Sample callstack of KMES5YA2Q8
 
 ############################################################
 ### FATAL THREAD 47/124 [   nHTTP:08b4:0afc]
 ### FP=0x11b3a6a0, PC=0x60002c5d, SP=0x11b3a684, stksize=28
 ### EAX=0x00000000, EBX=0xffffffff, ECX=0x0001b000, EDX=0x3197f0e8
 ### ESI=0x00000000, EDI=0x18f11c74, CS=0x0000001b, SS=0x00000023
 ### DS=0x00000023, ES=0x00000023, FS=0x0000003b, GS=0x00000000
 Flags=0x00010246
 Exception code: c0000005 (ACCESS_VIOLATION)
 ############################################################
 @[ 1] 0x60002c5d nnotes._OSFreeBBlock@12+13 (ffffffff,1b000,0,3197f0e8)
 @[ 2] 0x6000ce14 nnotes._OSLocalFree@4+68 (3197f0f4,11b3a6d4,4827fe,3197f0f4)
 @[ 3] 0x00482910 NINOTES.INProcessNotesLocalMemory::Deallocate+16
 (3197f0f4,11b3a6e0,482bdc,3197f0f4)
 @[ 4] 0x004827fe NINOTES.INProcessMemory::Deallocate+30
 (3197f0f4,11b3a6ec,482bfc,3197f0f4)
 @[ 5] 0x00482bdc NINOTES.operator delete+12
 (3197f0f4,11b3a6f8,484f3c,3197f0f4)
 @[ 6] 0x00482bfc NINOTES.operator delete[]+12
 (3197f0f4,11b3a724,484e73,3197f0f4)
 @[ 7] 0x00484f3c NINOTES.MemoryStream::FreePage+12
 (3197f0f4,18f11c74,0,484dc1)
 @[ 8] 0x00484e73 NINOTES.MemoryStream::Close+19
 (18f11c74,11b3a7e4,50430a,1)
 @[ 9] 0x00484d6b NINOTES.MemoryStream::`scalar deleting destructor'+11
 (1,0,18f11c74,0)
 @[10] 0x0050430a NINOTES.RefObject::DelRef+106
 (11b3bca0,11b3bc98,18f140f4,65d8e8)
 @[11] 0x0053f7d8 NINOTES.Haiku::GenerateHtml+1144
 (ff800f4,77e41d83,18f140f4,0)
 @[12] 0x00565387 NINOTES.Haiku::HandleDominoCmd+375
 (18f140f4,18f140f4,fe9778,77e41d83)
 @[13] 0x0053eae0 NINOTES.Haiku::HandleCmd+1040
 (18f140f4,fe9778,0,18f140f4)
 @[14] 0x00440077 NINOTES.CmdHandlerBase::PrivHandle+103
 (18f140f4,0,0,fe9778)
 @[15] 0x0043e15b NINOTES.CmdHandler::PrivHandle+123
 (18f140f4,18e958f4,18f140f4,18f180f4)
 @[16] 0x0043e27d NINOTES.CmdHandler::Handler+221
 (18f140f4,fe9778,77e41d83,0)
 @[17] 0x004384ba NINOTES.Cmd::Execute+58
 (ef70eec,ef70c08,0,66d094)
 @[18] 0x0047f313 NINOTES._InotesHTTPProcessRequest+1715
 (ef70efc,ef70eec,ef70c08,0)
 @[19] 0x0047ec8f NINOTES._InotesHTTPProcessRequest+47
 (ef70efc,3,18f90084,427f0)
 @[20] 0x100140a4 nhttpstack.HTInotesRequest::ProcessRequest+36
 (ef70c08,ef70aa4,0,3)
 @[21] 0x100101b1 nhttpstack.HTRequestExtContainer::ProcessRequest+545
 (5,101aefc,9d8b2f8,0)
 @[22] 0x1001cf3a nhttpstack.HTRequest::ProcessRequest+1722
 (0,ef35992,0,11b3ff24)
 @[23] 0x100215a6 nhttpstack.HTSession::StartRequest+790
 (ef3599e,ef35992,0,60092571)
 @[24] 0x1002a9cd nhttpstack.HTWorkerThread::CheckForWork+285
 (3,ef35992,10027a80,10027aaa)
 @[25] 0x1002a857 nhttpstack.HTWorkerThread::ThreadMain+87
 (ef35992,0,0,0)
 @[26] 0x60115d84 nnotes._ThreadWrapper@4+212 (0,0,0,0)
 [27] 0x77e4a990 KERNEL32.FlsSetValue+1913
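
 To check whether a crash on your own server matches the sample callstack above, compare frame names rather than addresses. The following is an added example, not IBM code and not part of the technote; the choice of signature frames and the names FRAME_RE, SIGNATURE, parse_frames and matches_signature are assumptions made for illustration.

```python
import re

# NSD-style frame: "@[ 3] 0x00482910 NINOTES.Sym+16"; the "@" is optional and
# the argument list may wrap onto the next line, which is simply skipped.
FRAME_RE = re.compile(r"^\s*@?\[\s*\d+\]\s+0x[0-9a-fA-F]+\s+(\S.*?)\+\d+\b")

# Assumption: these frames from the sample callstack serve as the signature.
# Addresses, offsets and arguments vary per build and crash, so they are ignored.
SIGNATURE = [
    "nnotes._OSFreeBBlock@12",
    "NINOTES.MemoryStream::FreePage",
    "NINOTES.MemoryStream::Close",
    "NINOTES.Haiku::GenerateHtml",
]

def parse_frames(text):
    """Return module.symbol for every frame line, top of stack first."""
    found = (FRAME_RE.match(line) for line in text.splitlines())
    return [m.group(1).strip() for m in found if m]

def matches_signature(frames, signature=SIGNATURE):
    """True if the signature frames occur in order (other frames may intervene)."""
    remaining = iter(frames)
    return all(any(f == want for f in remaining) for want in signature)

# Trimmed excerpt of the sample callstack above, wrapped lines included.
CRASH = """\
@[ 1] 0x60002c5d nnotes._OSFreeBBlock@12+13 (ffffffff,1b000,0,3197f0e8)
@[ 6] 0x00482bfc NINOTES.operator delete[]+12
(3197f0f4,11b3a724,484e73,3197f0f4)
@[ 7] 0x00484f3c NINOTES.MemoryStream::FreePage+12
(3197f0f4,18f11c74,0,484dc1)
@[ 8] 0x00484e73 NINOTES.MemoryStream::Close+19
(18f11c74,11b3a7e4,50430a,1)
@[11] 0x0053f7d8 NINOTES.Haiku::GenerateHtml+1144
(ff800f4,77e41d83,18f140f4,0)
"""

# Constructed stack: same request path, but not ending in the free/close chain.
OTHER = """\
@[ 1] 0x0053eae0 NINOTES.Haiku::HandleCmd+1040 (0,0,0,0)
@[ 2] 0x004384ba NINOTES.Cmd::Execute+58 (0,0,0,0)
"""

if __name__ == "__main__":
    for name, dump in (("CRASH", CRASH), ("OTHER", OTHER)):
        print(name, matches_signature(parse_frames(dump)))
```

 A match only indicates that the crash follows the same code path as the sample; confirm the server release against the fix list entry before treating it as this SPR.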
 
 
  
  Last Modified on 12/08/2013
 