Rapid7 Vulnerability & Exploit Database

Lotus Domino ESMTP 4K Argument Buffer Overflow


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 05/18/2000
Created: 07/25/2018
Added: 11/01/2004
Modified: 07/16/2012

Description

A vulnerability exists in the SMTP server that can allow a malicious user to remotely execute code on the server. The SMTP server does not conduct adequate bounds checking on the arguments to the 'RCPT TO', 'SAML FROM' or 'SOML FROM' commands.

Sending these commands with arguments whose length is 4k or greater crashes the Notes server and stops all Notes services, whether or not code execution succeeds. The Notes server then requires a manual restart and may additionally require manual removal of the mail.box and/or log.nsf files.
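A detection check for the condition described above, added here as an example (it is not Rapid7's or Lotus's code). It flags client-side SMTP lines, for instance from a proxy log or packet capture, where one of the three named commands carries an oversized argument. The function names are hypothetical, "4k" is assumed to mean 4096 bytes, and the sample session is constructed.

```python
import re

# Commands the advisory names as lacking bounds checks on their argument.
AFFECTED = ("RCPT TO", "SAML FROM", "SOML FROM")
LIMIT = 4096  # assumption: the advisory's "4k" read as 4096 bytes

# Case-insensitive, tolerant of extra whitespace inside and around the verb.
_CMD = re.compile(
    rb"^\s*(" + b"|".join(c.replace(" ", r"\s+").encode() for c in AFFECTED)
    + rb")\s*:(.*)$",
    re.I | re.S,
)

def oversized_argument(line: bytes, limit: int = LIMIT):
    """Return (command, arg_length) if `line` is an affected command whose
    argument is at least `limit` bytes long, otherwise None."""
    m = _CMD.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    verb = b" ".join(m.group(1).upper().split()).decode("ascii")
    arg = m.group(2).strip()
    return (verb, len(arg)) if len(arg) >= limit else None

def scan_session(lines, limit: int = LIMIT):
    """Scan client-to-server SMTP lines; return [(line_no, command, length)]."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = oversized_argument(line, limit)
        if hit:
            hits.append((n, *hit))
    return hits

# Constructed sample session (not captured traffic).
SAMPLE = [
    b"HELO client.example\r\n",
    b"MAIL FROM:<a@example.org>\r\n",
    b"RCPT TO:<b@example.org>\r\n",
    b"rcpt to:<" + b"A" * 4096 + b">\r\n",
    b"SOML FROM:<" + b"B" * 4093 + b">\r\n",  # 4095-byte argument, below limit
    b"SAML  FROM: <" + b"C" * 5000 + b">\r\n",
]

if __name__ == "__main__":
    for n, cmd, length in scan_session(SAMPLE):
        print(f"line {n}: {cmd} argument is {length} bytes (>= {LIMIT})")
```

The same length test can run in an SMTP-aware proxy or IDS in front of servers that have not yet received the upgrade listed under Solution(s).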

Solution(s)

  • lotus-domino-upgrade-r5-5_0_5
