| VID |
12025 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Lotus Domino ESMTP service is vulnerable to a Denial of Service attack via a long MAIL FROM command.
The Lotus ESMTP Service is part of the integrated solutions offered in Lotus Domino and Notes server software packages. The ESMTP service has buffer overflow vulnerability due to unchecked buffer in code that handles the 'mail from' command. The 'rcpt to', 'saml from' and 'soml from' commands are vulnerable as well. This vulnerabilities arises when a remote attacker connects to the SMTP service and sends the listed commands with an argument of 4096 chars(4KB) and more as the following:
220 *SMTP* Lotus Domino Release .....
HELO domain.com
250 *SMTP*
MAIL FROM: test@AAAAA......['A'*4096]......AAAAAA
(long RCTP TO/SAML FROM/SOML FROM)
it can cause remote buffer overflow and leads to the server crash. It may be possible for a remote attacker to execute arbitrary code on the server. It will need a reboot in order to regain normal functionality.
* Platforms Affected :
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3
Lotus Domino Mail Server 5.0.1/5.0.2/5.0.3
* References:
http://online.securityfocus.com/bid/1229 |
| Recommendation |
* For a Denial of Service vulnerability with "mail from" :
- Apply the Fix (SRP WAT4KKHUR).
- Upgrade to the version 5.0.4 release and later, includes Fix (SRP WAT4KKHUR).
* For a Denial of Service vulnerability with "rcpt to", "saml from" , and "soml from" :
- Apply the Fix (SPR JSHY4HEV9B).
- Upgrade to the version 5.0.5 release and later, includes Fix (SPR JSHY4HEV9B). |
| Related URL |
CVE-2000-0452,CVE-2000-1046 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
