Vulnerabilities > CVE-2000-1047 - Unspecified vulnerability in Lotus Domino Enterprise Server and Domino Mail Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.
Vulnerable Configurations
Nessus
| NASL family | SMTP problems |
| NASL id | LOTUS_ENVID.NASL |
| description | The Lotus Domino SMTP server running on the remote host is affected by a buffer overflow condition due to improper validation of input to the ENVID variable within a MAIL FROM command. An unauthenticated, remote attack can exploit this, via a overly long ENVID value, to cause a denial of service condition or possibly the execution of arbitrary code. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10543 |
| published | 2000-11-06 |
| reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10543 |
| title | Lotus Domino SMTP ENVID Variable Handling RCE |