IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote server is affected by multiple vulnerabilities.

Description :

According to its version, the IBM Domino (formerly IBM Lotus Domino)
installation on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1).
It is, therefore, affected by the following vulnerabilities :

- A stack overflow issue exists due to the insecure
'-z execstack' flag being used during compilation, which
could aid remote attackers in executing arbitrary code.
Note that this issue only affects installs on 32-bit
hosts running Linux. (CVE-2014-0892)

- Note that the fixes in the Oracle Java CPUs for
October 2013 and January 2014 are included in the fixed
IBM Java release, which is included in the fixed IBM
Domino release. (CVE-2013-0408, CVE-2013-3829,
CVE-2013-4002, CVE-2013-4041, CVE-2013-5372,
CVE-2013-5375, CVE-2013-5456, CVE-2013-5457,
CVE-2013-5458, CVE-2013-5772, CVE-2013-5774,
CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,
CVE-2013-5782, CVE-2013-5783, CVE-2013-5784,
CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,
CVE-2013-5790, CVE-2013-5797, CVE-2013-5800,
CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,
CVE-2013-5804, CVE-2013-5805, CVE-2013-5806,
CVE-2013-5809, CVE-2013-5812, CVE-2013-5814,
CVE-2013-5817, CVE-2013-5818, CVE-2013-5819,
CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,
CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,
CVE-2013-5831, CVE-2013-5832, CVE-2013-5838,
CVE-2013-5840, CVE-2013-5842, CVE-2013-5843,
CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,
CVE-2013-5851, CVE-2013-5878, CVE-2013-5884,
CVE-2013-5887, CVE-2013-5888, CVE-2013-5889,
CVE-2013-5893, CVE-2013-5896, CVE-2013-5898,
CVE-2013-5899, CVE-2013-5902, CVE-2013-5904,
CVE-2013-5907, CVE-2013-5910, CVE-2014-0368,
CVE-2014-0373, CVE-2014-0375, CVE-2014-0376,
CVE-2014-0387, CVE-2014-0403, CVE-2014-0410,
CVE-2014-0411, CVE-2014-0415, CVE-2014-0416,
CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,
CVE-2014-0423, CVE-2014-0424, CVE-2014-0428,
CVE-2014-0892)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21670264
http://www.nessus.org/u?77cf0990
http://www.nessus.org/u?bd46d60e

Solution :

Upgrade to IBM Domino 9.0.1 FP1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 73968

Bugtraq ID: 59204, 61310, 63082, 63089, 63095, 63098, 63101, 63102,
63103, 63106, 63110, 63111, 63112, 63115, 63118, 63120, 63121, 63122,
63124, 63126, 63128, 63129, 63131, 63133, 63134, 63135, 63137, 63139,
63141, 63142, 63143, 63145, 63146, 63147, 63148, 63149, 63150, 63151,
63152, 63153, 63154, 63155, 63156, 63157, 63158, 63224, 63618, 63619,
63620, 63621, 63622, 64863, 64875, 64882, 64890, 64894, 64899, 64907,
64912, 64914, 64915, 64916, 64917, 64918, 64919, 64920, 64921, 64922,
64923, 64924, 64925, 64926, 64927, 64928, 64930, 64931, 64932, 64933,
64935, 64937, 67014
