IBM Lotus Domino SMTP server allows attacker to relay mail
| lotus-domino-smtp-mail-relay (6591) |  Medium Risk |
Description:
A vulnerability in the SMTP server installed with Lotus Domino could allow a remote attacker to bypass the Lotus Domino SMTP server anti-relay features. A remote attacker can send a specially-crafted email message to bypass the Lotus Domino SMTP server. This allows the attacker to send spoofed email messages while concealing their true location.
Platforms Affected:
- IBM, Lotus Domino
- Microsoft, Windows 2003 Server
- Microsoft, Windows XP Professional
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Data Manipulation
References:
- CVE-1999-0512: A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
- CVE-2001-1445: Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in RCPT TO commands.
- US-CERT VU#176972: Lotus Domino SMTP Server Allows Anonymous Relay of Quoted Addresses
Reported:
Mar 01, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net