Lotus Domino SMTP Policy Overflow

2001-01-23T00:00:00
ID OSVDB:3321
Type osvdb
Reporter OSVDB
Modified 2001-01-23T00:00:00

Description

Vulnerability Description

A remote overflow exists in the Lotus Domino ESMTP Service. The relay policy check fails to limit the length of the incoming domain name, resulting in a buffer overflow. With a specially crafted request, an attacker can crash the Notes server and possibly execute arbitrary code, resulting in a loss of availability and possibly integrity.

Solution Description

Upgrade to version 5.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www-10.lotus.com/ldd/R5FixList.nsf/Search?SearchView&Query=CMAS4NNLVG&SearchOrder=0&Start=1&Count=100
Vendor Specific Advisory URL
ISS X-Force ID: 5993
Generic Exploit URL: http://www.safermag.com/advisories/0012.html
CVE-2001-0260
CERT VU: 666872
Bugtraq ID: 2283