Lotus MAIL FROM Overflow DoS

2000-05-18T00:00:00
ID OSVDB:321
Type osvdb
Reporter OSVDB
Modified 2000-05-18T00:00:00

Description

Vulnerability Description

Lotus Domino ESMTP Service contains a flaw that may allow a remote or local denial of service. The issue is triggered when a large request is sent as the MAIL FROM, RCPT TO, SAML FROM, or SOML FROM commands, and will result in loss of availability for the Domino Server.
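
A defender-side check for the condition described above, as an added example that is not part of the OSVDB entry or any Lotus code: it flags MAIL FROM, RCPT TO, SAML FROM and SOML FROM lines that exceed the RFC 5321 size limits (512-octet command line, 256-octet path). The entry does not state the length that triggers the flaw, so using the RFC limits as thresholds is an assumption, and the sample session is constructed.

```python
import re

# RFC 5321 section 4.5.3.1 size limits (octets); used here as assumed thresholds.
MAX_COMMAND_LINE = 512   # whole command line, including CRLF
MAX_PATH = 256           # reverse-path or forward-path, including <>

# Commands named in the advisory; the argument follows the colon.
ENVELOPE_CMD = re.compile(
    rb"^(MAIL FROM|RCPT TO|SAML FROM|SOML FROM):\s*(.*)$", re.I | re.S)

def check_line(raw: bytes):
    """Return (command, reason) for an oversized envelope command, else None."""
    body = raw.rstrip(b"\r\n")
    m = ENVELOPE_CMD.match(body)
    if not m:
        return None
    cmd = m.group(1).upper().decode("ascii")
    total = len(body) + 2  # count the CRLF terminator
    if total > MAX_COMMAND_LINE:
        return cmd, f"command line {total} octets > {MAX_COMMAND_LINE}"
    # The path is the first token of the argument; ESMTP parameters may follow.
    path = m.group(2).split(b" ", 1)[0]
    if len(path) > MAX_PATH:
        return cmd, f"path {len(path)} octets > {MAX_PATH}"
    return None

def scan(lines):
    """Scan client-to-server lines; return a list of (index, command, reason)."""
    findings = []
    for i, raw in enumerate(lines):
        hit = check_line(raw)
        if hit:
            findings.append((i, *hit))
    return findings

# Constructed sample session (client side only), not captured traffic.
SAMPLE = [
    b"EHLO client.example\r\n",
    b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<" + b"a" * 300 + b"@example.org>\r\n",
    b"SOML FROM:<" + b"b" * 4000 + b"@example.org>\r\n",
    b"DATA\r\n",
]

if __name__ == "__main__":
    for idx, cmd, reason in scan(SAMPLE):
        print(f"line {idx}: {cmd}: {reason}")
```

The same check can run over an SMTP proxy log or a reassembled packet capture, one client line at a time.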

Technical Description

These vulnerabilities have been variously reported separately and together, but are related and are fixed in the Domino 5.0.5 code.

Solution Description

Upgrade to version 5.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Nessus Plugin ID: 10419
ISS X-Force ID: 4499
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/smtpkill.pl
Generic Exploit URL: http://www.securityfocus.com/archive/1/60847
CVE-2000-1046
CVE-2000-0452
Bugtraq ID: 1229