IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

critical Nessus Plugin ID 32433

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack-based buffer overflow that can be triggered by a specially crafted 'Accept-Language' request header. While IBM says this only results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges.

In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.

Solution

Upgrade to Lotus Domino 8.0.1 / 7.0.3 FP1 or later.

See Also

http://www.nessus.org/u?a3b5cab6

https://www-01.ibm.com/support/docview.wss?uid=swg21303057

https://www-01.ibm.com/support/docview.wss?uid=swg21303296

Plugin Details

Severity: Critical

ID: 32433

File Name: domino_7_0_3fp1.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 5/23/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Required KB Items: Domino/Version

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow)

Reference Information

CVE: CVE-2008-2240, CVE-2008-2410

BID: 29310, 29311

CWE: 119, 79

SECUNIA: 30310