IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 2 NX Memory Protection Disabled

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote server is affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of IBM Domino (formerly IBM Lotus
Domino) on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6)
Interim Fix 2 (IF2). It is, therefore, more susceptible to
exploitation due to the GCC '-z execstack' flag being used during
compilation. This flag disables the memory protection provided by the
No eXecute (NX) bit allowing remote attackers to execute arbitrary
code more easily.

Note that this issue only affects Linux hosts running 32-bit versions
of Domino.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21670264
http://www.nessus.org/u?bd46d60e

Solution :

Upgrade to IBM Domino 8.5.3 FP6 IF2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 73967 ()

Bugtraq ID: 67014

CVE ID: CVE-2014-0892