| VID | 18041 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
Lotus Domino SMTP server versions 5.0.4 and earlier are vulnerable to a buffer overflow. The Lotus SMTP Server is a mail server that is part of the integrated solutions offered in the Lotus Domino and Notes server software packages. The Lotus Domino/Notes server supports the 'ENVID' keyword (as defined in RFC 1891). 'ENVID' is an optional keyword that can be supplied along with the 'MAIL FROM' command as follows:
MAIL FROM: <test@domain.com> ENVID=<string>
An e-mail client uses the 'ENVID' keyword of the SMTP MAIL command to specify an "envelope identifier" for an outgoing message. The SMTP server does not perform adequate bounds checking on the 'ENVID' keyword of the "MAIL FROM:" field. This makes it possible for an attacker to remotely execute code on the server by supplying an overly long ENVID string within a MAIL FROM command. If the overflow succeeds, the Notes server crashes and all Notes services stop functioning, regardless of whether code execution succeeds. The Notes server then requires a manual restart, and may additionally require manual removal of the mail.box and/or log.nsf files.
* References: http://online.securityfocus.com/bid/1905, http://www.iss.net/security_center/static/5488.php |
| Recommendation | Upgrade to the latest version of Lotus Notes/Domino (5.05 or later), available from the Notes.net Web site, http://www.notes.net |
| Related URL | CVE-2000-1047 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
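
The missing bounds check described above, shown as the defensive pattern a MAIL FROM parser needs: measure the ENVID value against a hard limit and validate it as xtext before copying it. This is an added example, not code from the advisory or from Lotus; `envid_extract`, the error codes, and the `ENVID_MAX` cap of 100 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ENVID_MAX 100   /* assumed policy cap on the encoded value */
enum { ENVID_ABSENT = -1, ENVID_TOO_LONG = -2, ENVID_MALFORMED = -3, ENVID_NO_SPACE = -4 };

static int is_hex(char c) { return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F'); }

static int is_envid_kw(const char *p)   /* case-insensitive "ENVID=" */
{
    static const char kw[] = "ENVID=";
    for (size_t i = 0; kw[i] != '\0'; i++)
        if (toupper((unsigned char)p[i]) != kw[i]) return 0;
    return 1;
}

/* Copy the ENVID value of one MAIL FROM line into out (NUL-terminated).
 * Returns the value length (> 0) or one of the negative codes above. */
int envid_extract(const char *line, char *out, size_t outsz)
{
    const char *p = line, *v = NULL;
    size_t n = 0;

    /* ESMTP parameters follow the address, separated by spaces. */
    while (v == NULL && (p = strchr(p, ' ')) != NULL) {
        while (*p == ' ') p++;
        if (is_envid_kw(p)) v = p + 6;
    }
    if (v == NULL) return ENVID_ABSENT;

    /* Measure with a hard stop before anything is copied. */
    while (v[n] != '\0' && v[n] != ' ' && v[n] != '\r' && v[n] != '\n')
        if (++n > ENVID_MAX) return ENVID_TOO_LONG;
    if (n == 0) return ENVID_MALFORMED;
    if (n + 1 > outsz) return ENVID_NO_SPACE;

    /* xtext (RFC 1891): ASCII 33..126 except '=', '+' only as "+HH". */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (c < 33 || c > 126 || c == '=') return ENVID_MALFORMED;
        if (c == '+') {
            if (i + 2 >= n || !is_hex(v[i + 1]) || !is_hex(v[i + 2])) return ENVID_MALFORMED;
            i += 2;
        }
    }
    memcpy(out, v, n);
    out[n] = '\0';
    return (int)n;
}
```

A server that rejects the command on any negative return other than `ENVID_ABSENT` never copies an unmeasured value into a fixed-size buffer.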