Detections
Analytics

IBM Domino 8.5.x < 8.5.3 FP6 IF17 / 9.0.x < 9.0.1 FP8 IF2 IMAP EXAMINE Command Handling RCE (EMPHASISMINE) (credentialed check)

high Nessus Plugin ID 105411

Language:

Synopsis

A business collaboration application running on the remote host is affected by a remote code execution vulnerability.

Description

The version of IBM Domino (formerly IBM Lotus Domino) installed on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6) Interim Fix 17 (IF17) or 9.0.x prior to 9.0.1 Fix Pack 8 (FP8) Interim Fix 2 (IF2).
It is, therefore, potentially affected by a remote code execution vulnerability when handling the IMAP EXAMINE command. An authenticated, remote attacker can exploit this, using a specially crafted mailbox name in an IMAP EXAMINE command, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

EMPHASISMINE is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.

Solution

Upgrade to IBM Domino version 8.5.3 FP6 IF17 / 9.0.1 FP8 IF2 or later.

Alternatively, customers using 8.5.1, 8.5.2, and 9.0.0 can open a service request with IBM Support and reference SPR SKAIALJE9N for a custom hotfix.

See Also

http://www.nessus.org/u?7372eadf

Plugin Details

Severity: High

ID: 105411

File Name: domino_8_5_3fp6_if17.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 12/21/2017

Updated: 11/8/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2017-1274

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:domino, cpe:/a:ibm:lotus_domino

Required KB Items: Settings/ParanoidReport, installed_sw/IBM Domino

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2017

Vulnerability Publication Date: 4/14/2017

Reference Information

CVE: CVE-2017-1274

BID: 98019

CERT: 574401