Lotus Domino SMTP MAIL FROM Command Remote Overflow

This script is Copyright (C) 2000-2014 Tenable Network Security, Inc.


Synopsis :

The remote SMTP server is affected by a remote buffer overflow
vulnerability.

Description :

The remote Lotus Domino SMTP server is affected by a buffer overflow
vulnerability that can be triggered by an overly long argument to the
'MAIL FROM' command.

This problem may allow an attacker to crash the mail server or even
execute arbitrary code on this system.

See also :

http://downloads.securityfocus.com/vulnerabilities/exploits/smtpkill.pl

Solution :

Contact the vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 10419 (lotus_esmtp_overflow.nasl)

Bugtraq ID: 1229

CVE ID: CVE-2000-0452