Vigil@nce: Lotus Notes, denial of service via wordwrap
June 2008 by Vigil@nce
SYNTHESIS
An attacker can send an email with a very long line in order to
create a denial of service in Lotus Notes.
Gravity: 1/4
Consequences: denial of service of client
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/05/2008
Identifier: VIGILANCE-VUL-7863
IMPACTED PRODUCTS
– Lotus Notes [confidential versions]
DESCRIPTION
When Lotus Notes displays an email containing lines longer than the
display width, the wordwrap feature wraps them onto several lines.
However, if the line does not contain spaces, this operation takes a
very long time. For example, a line of 1.5 million characters hangs
Lotus Notes for 30 minutes.
An attacker can therefore send an email with a very long line in
order to create a denial of service in Lotus Notes.
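A mail gateway check for the condition described above, as an added example that is not part of the original advisory: it decodes every text part, because base64 or quoted-printable can carry an arbitrarily long line behind short encoded lines, and reports the longest run of characters with no whitespace. The 10,000-character threshold and all function names are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.mime.text import MIMEText

# Assumed gateway threshold (not from the advisory): longest run of
# non-whitespace characters tolerated in a decoded text part.
MAX_UNBROKEN_RUN = 10_000


def longest_unbroken_run(text):
    """Length of the longest run of characters containing no whitespace."""
    return max((len(m.group()) for m in re.finditer(r"\S+", text)), default=0)


def scan_message(raw_bytes, limit=MAX_UNBROKEN_RUN):
    """Return [(content_type, longest_run)] for text parts over the limit."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            # get_content() undoes base64 / quoted-printable, so the line is
            # measured at its decoded length, not its length on the wire.
            text = part.get_content()
        except (LookupError, UnicodeError):
            # Unknown or broken charset: fall back to a lossless byte mapping.
            text = part.get_payload(decode=True).decode("latin-1")
        run = longest_unbroken_run(text)
        if run > limit:
            findings.append((part.get_content_type(), run))
    return findings


def build_sample(body):
    """Constructed sample: a base64-encoded text/plain message."""
    msg = MIMEText(body, "plain", "utf-8")
    msg["Subject"] = "constructed sample"
    return msg.as_bytes()


if __name__ == "__main__":
    wire = build_sample("A" * 1_500_000)  # size quoted in the advisory
    print("longest wire line:", max(len(l) for l in wire.splitlines()))
    print("findings:", scan_message(wire))
```

A message flagged this way can be quarantined or have the offending part delivered as an attachment, so the client never has to wrap it.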
CHARACTERISTICS
Identifiers: SPR# EHET5X6Q5Z, swg21175611, VIGILANCE-VUL-7863