Details of VAR-200106-0149

ID

VAR-200106-0149

CVE

CVE-2001-0494

TITLE

Lotus Domino vulnerable to a denial of service via DOS device request

Trust: 0.8

sources: CERT/CC: VU#890128

DESCRIPTION

Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. If numerous requests are made for MS DOS device names, ncgihttp.exe inappropriately handles them, resulting in the exhaustion of system resources

Trust: 4.86

sources: NVD: CVE-2001-0494 // CERT/CC: VU#890128 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2575 // VULHUB: VHN-3312

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 3.2
vendor:	ipswitch	model:	imail	scope:	lte	version:	6.06	Trust: 1.0
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.06	Trust: 0.6
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3

sources: CERT/CC: VU#890128 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2575 // CNNVD: CNNVD-200106-136 // NVD: CVE-2001-0494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0494
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#890128
value:	5.07
Trust: 0.8
CARNEGIE MELLON:	VU#601312
value:	9.98
Trust: 0.8
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200106-136
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3312
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0494
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3312
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3312 // CNNVD: CNNVD-200106-136 // NVD: CVE-2001-0494

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-136

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200106-136

EXTERNAL IDS

db:	OSVDB	id:	5610	Trust: 1.7
db:	NVD	id:	CVE-2001-0494	Trust: 1.7
db:	BID	id:	2575	Trust: 1.1
db:	XF	id:	6348	Trust: 0.8
db:	CERT/CC	id:	VU#890128	Trust: 0.8
db:	XF	id:	6347	Trust: 0.8
db:	BID	id:	2565	Trust: 0.8
db:	CERT/CC	id:	VU#601312	Trust: 0.8
db:	BID	id:	2598	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	BID	id:	2636	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	CNNVD	id:	CNNVD-200106-136	Trust: 0.7
db:	XF	id:	6445	Trust: 0.6
db:	BUGTRAQ	id:	20010424 IPSWITCH IMAIL 6.06 SMTP REMOTE SYSTEM ACCESS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-3312	Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3312 // BID: 2575 // CNNVD: CNNVD-200106-136 // NVD: CVE-2001-0494

REFERENCES

url:	http://www.securityfocus.com/advisories/3208	Trust: 3.2
url:	http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html	Trust: 1.7
url:	http://ipswitch.com/support/imail/news.html	Trust: 1.7
url:	http://www.osvdb.org/5610	Trust: 1.7
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6445	Trust: 1.1
url:	http://www.securityfocus.com/bid/2575	Trust: 0.8
url:	http://xforce.iss.net/static/6348.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2565	Trust: 0.8
url:	http://xforce.iss.net/static/6347.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://xforce.iss.net/static/6445.php	Trust: 0.6
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3

CREDITS

Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2575

SOURCES

db:	CERT/CC	id:	VU#890128
db:	CERT/CC	id:	VU#601312
db:	CERT/CC	id:	VU#642760
db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-3312
db:	BID	id:	2575
db:	CNNVD	id:	CNNVD-200106-136
db:	NVD	id:	CVE-2001-0494

LAST UPDATE DATE

2026-04-16T05:01:43.127000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-3312	date:	2017-10-10T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200106-136	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0494	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-3312	date:	2001-06-27T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200106-136	date:	2001-06-27T00:00:00
db:	NVD	id:	CVE-2001-0494	date:	2001-06-27T04:00:00