Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 4517

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack overflow that can be triggered by means of a specially crafted 'Accept-Language' request header. While IBM only says this results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.

Solution

Upgrade to version 7.0.3 FixPack 1 or 8.0.1.

See Also

http://www.nessus.org/u?a3b5cab6

http://www-1.ibm.com/support/docview.wss?uid=swg21303296

http://www-1.ibm.com/support/docview.wss?uid=swg21303057

Plugin Details

Severity: Critical

ID: 4517

File Name: 4517.prm

Family: SMTP Servers

Published: 2004/08/18

Modified: 2016/01/19

Dependencies: 2004, 2005

Nessus ID: 32433

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow)

Reference Information

CVE: CVE-2008-2410, CVE-2008-2240

BID: 29310, 29311