Lotus Domino SMTP Server Forged Localhost Mail Header DoS

medium Nessus Plugin ID 11717

Synopsis

The remote SMTP server is affected by a denial of service vulnerability.

Description

The remote SMTP server (possibly Lotus Domino) can be killed or disabled by a malformed message that bounces to itself. The routing loop exhausts all resources.

An attacker may use this to crash the server repeatedly.

Solution

Upgrade to Domino 5.0.9 or newer.

See Also

https://marc.info/?l=vuln-dev&m=95886062521327&w=2

Plugin Details

Severity: Medium

ID: 11717

File Name: lotus_bounce_DoS.nasl

Version: 1.21

Type: remote

Published: 6/11/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/20/2001

Reference Information

CVE: CVE-2000-1203

BID: 3212