IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 2 NX Memory Protection Disabled

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote server is affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of IBM Domino (formerly IBM Lotus
Domino) on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6)
Interim Fix 2 (IF2). It is, therefore, more susceptible to
exploitation due to the GCC '-z execstack' flag being used during
compilation. This flag disables the memory protection provided by the
No eXecute (NX) bit allowing remote attackers to execute arbitrary
code more easily.

Note that this issue only affects Linux hosts running 32-bit versions
of Domino.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21670264
http://www.nessus.org/u?bd46d60e

Solution :

Upgrade to IBM Domino 8.5.3 FP6 IF2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 73967 ()

Bugtraq ID: 67014

CVE ID: CVE-2014-0892

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial