IBM Notes 8.x < 8.5.3 IF4 HF2 / 9.x < 9.0 IF2 Code Execution

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by a code
execution vulnerability.

Description :

The remote host has a version of Lotus Notes 8.x earlier than 8.5.3
Fix Pack 4 Interim Fix 2 or 9.0 earlier than Interim Fix 2. As such,
it is potentially affected by a code execution vulnerability. A flaw
in the Multi-user Profile Cleanup Service enables an attacker to
execute arbitrary code upon the next logon of a user.

See also :

http://www.nessus.org/u?8bc8ff24
http://www-01.ibm.com/support/docview.wss?uid=swg21633827

Solution :

Upgrade to IBM Notes 8.5.3 FP4 Interim Fix 2 / 9.0 Interim Fix 2 or
later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 66941 ()

Bugtraq ID: 60554

CVE ID: CVE-2013-0536

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now