A vulnerability exists in the SMTP server that can allow a malicious user to remotely execute code on the server. The SMTP server does not conduct adequate bounds checking on the arguments to the 'RCPT TO', 'SAML FROM' or 'SOML FROM' commands.
Sending any of these commands with an argument whose length is 4k or greater will cause the Notes server to crash and all Notes services to stop functioning, whether or not code execution succeeds. The Notes server will then require a manual restart, and may additionally require manual removal of the mail.box and/or log.nsf files.
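A detection check for the condition described above, added here as an example and not taken from the advisory or the vendor: it scans client-side SMTP lines (from a proxy or capture log) and flags the three affected commands when their argument reaches the 4k crash length. The names `classify`, `scan` and `SAMPLE` are hypothetical, and using the RFC 5321 256-octet path limit as an early-warning bound is an assumption of this example.

```python
import re

# Commands the advisory names as lacking bounds checks.
_CMD = re.compile(r"^\s*(RCPT\s+TO|SAML\s+FROM|SOML\s+FROM)\s*:(.*)$",
                  re.IGNORECASE | re.DOTALL)
# Threshold from the advisory: arguments of 4k or greater crash the server.
CRASH_LEN = 4096
# Assumption: RFC 5321 path limit (256 octets), used as an early-warning bound.
RFC_PATH_MAX = 256


def classify(line):
    """Return (command, arg_len, verdict) for an affected command, else None."""
    m = _CMD.match(line.rstrip("\r\n"))
    if not m:
        return None
    cmd = " ".join(m.group(1).upper().split())  # normalise case and spacing
    arg_len = len(m.group(2).strip().encode("utf-8", "replace"))
    if arg_len >= CRASH_LEN:
        verdict = "crash-length"
    elif arg_len > RFC_PATH_MAX:
        verdict = "over-rfc-limit"
    else:
        verdict = "ok"
    return cmd, arg_len, verdict


def scan(lines):
    """Return (line_no, command, arg_len, verdict) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = classify(line)
        if result and result[2] != "ok":
            hits.append((n, *result))
    return hits


# Constructed sample session (client-side lines only), not real traffic.
SAMPLE = [
    "HELO client.example",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "rcpt to:<" + "a" * 300 + "@example.com>",
    "SOML FROM:<" + "b" * 4096 + ">",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same length test can be enforced as a reject rule on a mail gateway in front of the Notes server, so oversized commands never reach it.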