IBM Lotus Domino 8.5.x < 8.5.3 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Lotus Domino on the remote host
is 8.5.x prior to 8.5.3, and is, therefore, affected by the following
vulnerabilities :

- A heap-based buffer overflow error exists in the file
ndiiop.exe related to the DIIOP implementation and GIOP
request handling. (CVE-2011-0914)

- A stack-based buffer overflow error exists in the file
nrouter.exe related to the 'name' parameter in a
'Content-Type' header and malformed Notes calendar
meeting requests. (CVE-2011-0915)

- A stack-based buffer overflow error exists related to
the 'filename' parameter, MIME email messages and the
SMTP service. (CVE-2011-0916)

- A buffer overflow error exists in the file nLDAP.exe
related to handling long strings in LDAP Bind
operations. (CVE-2011-0917)

- An authentication bypass error exists related to the
'Remote Console' and 'UNC share pathnames'.
(CVE-2011-0920)

- A stack-based buffer overflow error exists in the
function 'NSFComputeEvaluateExt' in the file
'Nnotes.dll' related to the 'tHPRAgentName' parameter
in an 'fmHttpPostRequest' OpenForm action.
(CVE-2011-3575)

Note that exploitation of several of these vulnerabilities could result
in execution of arbitrary code.

See also :

http://zerodayinitiative.com/advisories/ZDI-11-047/
http://zerodayinitiative.com/advisories/ZDI-11-048/
http://zerodayinitiative.com/advisories/ZDI-11-049/
http://zerodayinitiative.com/advisories/ZDI-11-052/
http://zerodayinitiative.com/advisories/ZDI-11-110/
http://www.nessus.org/u?8cb395e8
http://www-01.ibm.com/support/docview.wss?uid=swg21461514
http://www.nessus.org/u?7643c792

Solution :

Upgrade to Lotus Domino 8.5.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66239

Bugtraq ID: 46231, 46232, 46245, 46361, 49705

CVE ID: CVE-2011-0914, CVE-2011-0915, CVE-2011-0916, CVE-2011-0917, CVE-2011-0920, CVE-2011-3575