IBM Domino 9.0 < 9.0.0 Interim Fix 4 iNotes Buffer Overflow

Severity: High, Nessus Plugin ID 74223

Synopsis

The remote server is affected by a buffer overflow vulnerability.

Description

According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.0 prior to 9.0.0 Interim Fix 4 (IF4). It is therefore affected by a buffer overflow error in the iNotes component that could allow an authenticated user to execute arbitrary code.

Solution

Upgrade to IBM Domino 9.0.0 IF4 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21649476

http://www-01.ibm.com/support/docview.wss?uid=swg21650034

Plugin Details

Severity: High

ID: 74223

File Name: domino_9_0_0_if4.nasl

Version: 1.3

Type: remote

Family: Misc.

Published: 5/28/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:domino, cpe:/a:ibm:inotes

Required KB Items: Domino/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/8/2013

Vulnerability Publication Date: 9/17/2013

Reference Information

CVE: CVE-2013-4068

BID: 62481