CVE-2000-1046
Published 2000-12-11
Priority P433, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.10% (92.5th percentile)
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lotus | domino | — | — |
| lotus | domino | — | — |
No detection rules found.
Exploit-DB
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow
exploitdb·2000-05-18
CVE-2000-1046 Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow
---
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 Buffer Overflow
source: https://www.securityfocus.com/bid/1229/info
The code that handles the 'rcpt to', 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus Domino Server receives an argument of more than 4 KB to any of the listed commands, the system will crash and will require a reboot in order to regain normal functionality.
#!/usr/bin/perl
# Need net::telnet to run
# Expl0it By [email protected]
# Tested with success against Lotus Notes 5.0.1, 5.0.2b, 5.0.3
# CMail Server version 2.4.6, Argosoft Mail Server version 1.2.1.0
# and proba
Exploit-DB
Michael Sandrof IrcII 4.4-7 - Remote Buffer Overflow
exploitdb·2000-03-10
CVE-2000-0183 Michael Sandrof IrcII 4.4-7 - Remote Buffer Overflow
---
// source: https://www.securityfocus.com/bid/1046/info
IrcII is a well-known Internet Relay Chat (IRC) client for Unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a DCC chat. Exploitation of this vulnerability could result in a remote compromise with the privileges of the user running the ircII client.
This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.
/*
ircii-4.4 exploit by bladi & aLmUDeNa
buffer overflow in ircii dcc chat's
allow to execute arbitrary
Affected:
ircII-4.4
Pat
No writeups or analysis indexed.
Published: 2000-12-11