IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 2 NX Memory Protection Disabled

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote server is affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of IBM Domino (formerly IBM Lotus
Domino) on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6)
Interim Fix 2 (IF2). It is, therefore, more susceptible to
exploitation due to the GCC '-z execstack' flag being used during
compilation. This flag disables the memory protection provided by the
No eXecute (NX) bit allowing remote attackers to execute arbitrary
code more easily.

Note that this issue only affects Linux hosts running 32-bit versions
of Domino.

See also :

Solution :

Upgrade to IBM Domino 8.5.3 FP6 IF2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 73967 ()

Bugtraq ID: 67014

CVE ID: CVE-2014-0892

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now