Another feature of Lotus Domino mail servers is the policy feature, which can be used to set relaying rules. With this feature, an e-mail administrator can specify the rules which determine when the server may be used for relaying mail from one remote site to another.
2/21/01
CVE 2001-0130
There is a buffer overflow condition which occurs whenever
a Lotus Notes client views an HTML attachment
containing font size tags which are not properly terminated.
This vulnerability could be exploited remotely by sending
an e-mail message containing a specially-crafted attachment
to the server, and waiting for the recipient to open the
attachment using Lotus Notes. Such an attack could cause
the server to become unresponsive or could allow the
execution of arbitrary code.
Lotus Domino version 5 up through 5.05 is affected by this vulnerability.
CVE 2000-1047
By sending a very long argument to the ENVID
keyword, it is possible to cause a buffer overflow in the
mail server. This condition could be exploited by a remote
attacker to cause a denial of service or to execute arbitrary
code. Lotus Domino version 5 up through 5.04 is affected by
this vulnerability.
CVE 2001-0260
A buffer overflow condition exists in the code
which implements the policy feature. This vulnerability could
also be used to cause a denial of service or to execute arbitrary
commands. Lotus Domino version 5 up through 5.05 is affected by
this vulnerability if the policy feature is enabled.
CAN 2000-1046
A vulnerability could allow an attacker
to cause a denial-of-service in Lotus Domino 5.0.2a and
5.0.2c by sending a very long argument
to the RCPT TO, SAML FROM,
or SOML FROM commands.