Lotus Domino Vulnerability
Updated (3.1.1)
Impact
A remote attacker could cause a denial of service or execute
arbitrary commands on the server.
Background
The Lotus Domino family of servers includes an e-mail server
which implements the Simple Mail Transfer Protocol (SMTP).
It also supports
extensions which allow for the use of delivery status notifications,
which provide information about the delivery status of an e-mail
message to the sender. The ENVID keyword is optionally
used by an e-mail client to specify an identifier for an outgoing
message. This identifier is then included in any delivery status
notifications regarding that message.
The Problem
By sending a very long argument to the ENVID
keyword, it is possible to cause a buffer overflow in the
mail server. This condition could be exploited by a remote
attacker to cause a denial of service or to execute arbitrary
code. Lotus Domino version 5 up through 5.04 is affected by
this vulnerability.
A second, unrelated vulnerability could allow an attacker
to cause a denial of service in Lotus Domino 5.0.2a and
5.0.2c by sending a very long argument to the RCPT TO,
SAML FROM, or SOML FROM commands.
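As a detection aid for the two conditions described above, the following
added example (not part of the original advisory or of any Lotus code)
checks SMTP command lines, for instance at a filtering relay or in a
session log, for over-long ENVID values and over-long command arguments.
The length limits are assumptions taken from RFC 3461 and RFC 5321, and
the function names and sample session are hypothetical.

```python
import re

# Assumed limits, taken from the RFCs rather than from the advisory:
# RFC 3461 caps the ENVID value at 100 characters, and RFC 5321 caps a
# command line at 512 octets including the trailing CRLF.
ENVID_MAX = 100
LINE_MAX = 510

# Commands named in the advisory as taking the over-long argument.
WATCHED = ("MAIL FROM", "RCPT TO", "SAML FROM", "SOML FROM")
ENVID_RE = re.compile(r"\sENVID=(\S*)", re.IGNORECASE)


def check_command(line):
    """Return findings for one SMTP command line; an empty list means OK."""
    text = line.rstrip("\r\n")
    verb = next((v for v in WATCHED if text.upper().startswith(v + ":")), None)
    if verb is None:
        return []
    findings = []
    octets = len(text.encode("utf-8"))
    if octets > LINE_MAX:
        findings.append(f"{verb}: line is {octets} octets, limit {LINE_MAX}")
    # ENVID is a parameter of MAIL FROM only.
    match = ENVID_RE.search(text) if verb == "MAIL FROM" else None
    if match and len(match.group(1)) > ENVID_MAX:
        findings.append(
            f"{verb}: ENVID is {len(match.group(1))} chars, limit {ENVID_MAX}")
    return findings


def scan(lines):
    """Map 1-based line number -> findings for every flagged command."""
    return {n: f for n, line in enumerate(lines, 1) if (f := check_command(line))}


# Constructed sample session, not captured traffic.
SAMPLE = [
    "MAIL FROM:<alice@example.com> RET=HDRS ENVID=QQ314159",
    "MAIL FROM:<alice@example.com> ENVID=" + "X" * 300,
    "RCPT TO:<" + "r" * 600 + "@example.com>",
    "SOML FROM:<bob@example.com>",
]

if __name__ == "__main__":
    for n, findings in scan(SAMPLE).items():
        for finding in findings:
            print(f"line {n}: {finding}")
```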
Resolution
Upgrade to the latest version
of Lotus Domino.
Where can I read more about this?
This vulnerability was discussed in S.A.F.E.R.
Security Bulletin 001103.EXP.1.9. The second vulnerability
was posted to Bugtraq.