Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Domino | Lotus | 4.6.1 (including) | 4.6.1 (including) |
| Domino | Lotus | 4.6.3 (including) | 4.6.3 (including) |
| Domino | Lotus | 4.6.4 (including) | 4.6.4 (including) |
| Domino | Lotus | 5.0.1 (including) | 5.0.1 (including) |
| Domino | Lotus | 5.0.2 (including) | 5.0.2 (including) |
| Domino | Lotus | 5.0.3 (including) | 5.0.3 (including) |
| Domino | Lotus | 5.0.4 (including) | 5.0.4 (including) |
| Domino | Lotus | 5.0.5 (including) | 5.0.5 (including) |
| Domino | Lotus | 5.0.6 (including) | 5.0.6 (including) |
| Domino | Lotus | 5.0.7 (including) | 5.0.7 (including) |
| Domino | Lotus | 5.0.8 (including) | 5.0.8 (including) |
References
- http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2
- http://www.securityfocus.com/archive/1/209754
- http://www.securityfocus.com/bid/3212
- http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7012
- http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2
- http://www.securityfocus.com/archive/1/209754
- http://www.securityfocus.com/bid/3212
- http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7012