Lotus Domino Server ESMTP Buffer Overflow Vulnerability
BID:1229
Info
Lotus Domino Server ESMTP Buffer Overflow Vulnerability
| Bugtraq ID: | 1229 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 18 2000 12:00AM |
| Updated: | May 18 2000 12:00AM |
| Credit: | Posted to Bugtraq on May 18, 2000 by Michal Zalewski <[email protected]>. Additional information provided by VIGILANTe <[email protected]> on Sep 11, 2000. |
| Vulnerable: |
Lotus Domino Mail Server 5.0.3 Lotus Domino Mail Server 5.0.2 Lotus Domino Mail Server 5.0.1 Lotus Domino Enterprise Server 5.0.3 Lotus Domino Enterprise Server 5.0.2 Lotus Domino Enterprise Server 5.0.1 |
| Not Vulnerable: | |
Discussion
Lotus Domino Server ESMTP Buffer Overflow Vulnerability
The code that handles the 'rcpt to' 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus Domino Server receives an argument of more than 4 KB to the any of the listed commands, the system will crash and will require a reboot in order to regain normal functionality.
The code that handles the 'rcpt to' 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus Domino Server receives an argument of more than 4 KB to the any of the listed commands, the system will crash and will require a reboot in order to regain normal functionality.
Exploit / POC
Lotus Domino Server ESMTP Buffer Overflow Vulnerability
SMILER <[email protected]> has released the following exploit:
SMILER <[email protected]> has released the following exploit:
Solution / Fix
Lotus Domino Server ESMTP Buffer Overflow Vulnerability
Solution:
Upgrade to Lotus Domino Version 5.0.5
Solution:
Upgrade to Lotus Domino Version 5.0.5
References
Lotus Domino Server ESMTP Buffer Overflow Vulnerability
References:
References:
- Lotus Domino R5 Mail Server (Lotus)