IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 13 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

A business collaboration application running on the remote host is
affected by multiple vulnerabilities.

Description :

According to its banner, the version of IBM Domino (formerly IBM
Lotus Domino) running on the remote host is 8.5.x prior to 8.5.3 Fix
Pack 6 (FP6) Interim Fix 13 (IF13). It is, therefore, affected by the
following vulnerabilities :

- Multiple heap-based buffer overflow conditions exist in
the KeyView PDF filter when parsing a PDF document due
to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit these, by
convincing a user to open a specially crafted PDF
document, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-0277,
CVE-2016-0278, CVE-2016-0279, CVE-2016-0301)

- A security restriction bypass vulnerability exists in
the remote console due to an error that occurs when an
unspecified unsupported configuration is used involving
UNC share path names. An unauthenticated, remote
attacker can exploit this to bypass authentication and
possibly execute arbitrary code with SYSTEM privileges.

See also :

Solution :

Upgrade to IBM Domino version 8.5.3 FP6 IF13 or later.

Risk factor :

High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 92786 ()

Bugtraq ID: 90804

CVE ID: CVE-2016-0277

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now