PT-2014-3925 · Gnu+1 · Gcc+2

Will Dormann

Published

2014-04-23

Updated

2017-08-29

CVE-2014-0892

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Notes and Domino versions 8.5.x through 8.5.3 FP6 IF2 and versions 9.x through 9.0.1

Description The issue arises from incorrect gcc options used in IBM Notes and Domino, which makes it easier for remote attackers to execute arbitrary code. This is possible due to the absence of the NX protection mechanism, allowing attackers to place crafted x86 code on the stack.

Recommendations For versions 8.5.x through 8.5.3 FP6 IF2, update to 8.5.3 FP6 IF3 or later. For versions 9.x through 9.0.1, update to 9.0.1 FP1 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-0892

Affected Products

Domino

Ibm Inotes

Gcc

PT-2014-3925 · Gnu+1 · Gcc+2

CVE-2014-0892

Weakness Enumeration

Related Identifiers

Affected Products

References · 5