Lotus Domino SMTP ENVID Variable Handling RCE

Critical Nessus Plugin ID 10543


The remote SMTP server is affected by a remote code execution vulnerability.


The Lotus Domino SMTP server running on the remote host is affected by a buffer overflow condition due to improper validation of input to the ENVID variable within a MAIL FROM command. An unauthenticated, remote attack can exploit this, via a overly long ENVID value, to cause a denial of service condition or possibly the execution of arbitrary code.


Upgrade to Lotus Notes/Domino version 5.0.6 or later. This reportedly fixes the vulnerability.

See Also


Plugin Details

Severity: Critical

ID: 10543

File Name: lotus_envid.nasl

Version: $Revision: 1.31 $

Type: remote

Published: 2000/11/06

Modified: 2017/05/09

Dependencies: 10263, 11038

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:ND


Base Score: 9.8

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:lotus:domino_enterprise_server

Vulnerability Publication Date: 2000/11/03

Reference Information

CVE: CVE-2000-1047

BID: 1905

OSVDB: 442