IMAP: Domino Set Quota

This signature detects attempts to modify the user quota on an IMAP server. Domino 6.5.0 and 6.5.1 allow any user to modify its quota regardless of its rights on the server.

Extended Description

IBM Lotus Domino server is reported to improperly allow users to alter their own mail storage quota values. A user's mailbox is assigned a quota to limit the amount of data that can be consumed by email on the server. This quota is assigned by the administrator of the application. An attacker could possibly use this vulnerability to raise their mailbox's quota to a very large amount, and then proceed to fill the mail servers storage device. This will result in a denial of service condition, where new mail will not be able to be stored on the full disk. Domino version 6.5.0 and 6.5.1 are reported vulnerable to this issue.

Affected Products

Ibm lotus_domino

References

BugTraq: 10642

CVE: CVE-2004-0669

URL: http://nvd.nist.gov/nvd.cfm?cvename=CAN-2004-0669

Short Name

IMAP:SET-QUOTA

Severity

Minor

Recommended

False

Recommended Action

None

IMAP: Domino Set Quota

Extended Description

Affected Products

References

Found a potential security threat?