According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specific operation.", so a relatively low threat. Upgrade to 8.5.3 if you can, if not (because of the server changes in 8.5.3) upgrade to 8.5.2 FP4.

Source: SecurityFocus

---

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

Bugtraq ID:	51167
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2011-1393
Remote:	Yes
Local:	No
Published:	Dec 22 2011 12:00AM
Updated:	Jan 02 2012 11:20PM
Credit:	Xiaopeng Zhang of Fortiguard Labs
Vulnerable:	IBM Lotus Domino 8.5.2 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2 Fix Pack 5 IBM Lotus Domino 8.0.2 IBM Lotus Domino 8.5.2 FP3 IBM Lotus Domino 8.5.2 FP2 IBM Lotus Domino 8.5.0.1 IBM Lotus Domino 8.5 FP1 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2.4 IBM Lotus Domino 8.0.2.3 IBM Lotus Domino 8.0.2.2 IBM Lotus Domino 8.0.2.1 IBM Lotus Domino 8.0
Not Vulnerable:	IBM Lotus Domino 8.5.3 IBM Lotus Domino 8.5.2 FP4

IBM Lotus Domino is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

An attacker can use readily available network utilities.

Solution:
The vendor released an update. Please see the references for details.

References:

• IBM Homepage (IBM)
  
• IBM Lotus Notes/Domino Server Vulnerability (Fortinet)
  
• Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes aut (IBM)
  
• Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes aut (IBM)
  

Via SecurityFocus:

---

Bugtraq ID:	46985
Class:	Unknown
CVE:	CVE-2011-1519
Remote:	Yes
Local:	No
Published:	Mar 22 2011 12:00AM
Updated:	Dec 01 2011 06:36AM
Credit:	Patrik Karlsson
Vulnerable:	IBM Lotus Domino 8.5.3 IBM Lotus Domino 8.5.2 IBM Lotus Domino 8.5.1 Fix Pack 2 IBM Lotus Domino 8.5.1 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2 Fix Pack 5 IBM Lotus Domino 8.0.2 IBM Lotus Domino 8.0.1 IBM Lotus Domino 7.0.4 IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1) IBM Lotus Domino 7.0.3 IBM Lotus Domino 7.0.2 FP3 IBM Lotus Domino 7.0.2 FP2 IBM Lotus Domino 7.0.2 FP1 IBM Lotus Domino 7.0.2 IBM Lotus Domino 7.0.1 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5.6 IBM Lotus Domino 6.5.5 FP3 IBM Lotus Domino 6.5.5 FP2 IBM Lotus Domino 6.5.5 FP1 IBM Lotus Domino 6.5.5 IBM Lotus Domino 6.5.4 FP 2 IBM Lotus Domino 6.5.4 FP 1 IBM Lotus Domino 6.5.4 IBM Lotus Domino 6.5.3 IBM Lotus Domino 6.5.2 FP 1 IBM Lotus Domino 6.5.2 IBM Lotus Domino 6.5.1 IBM Lotus Domino 6.5 .0 IBM Lotus Domino 6.0.5 IBM Lotus Domino 6.0.4 IBM Lotus Domino 6.0.3 IBM Lotus Domino 6.0.2 CF2 IBM Lotus Domino 6.0.2 IBM Lotus Domino 6.0.1 IBM Lotus Domino 6.0 IBM Lotus Domino 5.0.13 IBM Lotus Domino 8.5.2 FP3 IBM Lotus Domino 8.5.1.1 IBM Lotus Domino 8.5.0.1 IBM Lotus Domino 8.5 FP1 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2.4 IBM Lotus Domino 8.0.2.3 IBM Lotus Domino 8.0.2.2 IBM Lotus Domino 8.0.2.1 IBM Lotus Domino 8.0 IBM Lotus Domino 0
Not Vulnerable:

IBM Lotus Domino is prone to a remote authentication-bypass vulnerability.

Successfully exploiting this issue will allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

The following exploit is available:

• /data/vulnerabilities/exploits/46985.txt

Solution:

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

References:

• IBM Lotus Domino Homepage (IBM)
  
• ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Rem (ZDI Disclosures )
  
• Old 0day in Lotus Domino Server Controller (Patrik Karlsson)
  
• ZDI-11-110 (0day) IBM Lotus Domino Server Controller Authentication Bypass Remot (Zero Day Initiative)
  

Finally, IBM has released the mobile client for Sametime. Note the specific version of the Proxy Server you'll need: 8.5.2 IFR 1.

---

IBM Sametime

Description

*The IBM Sametime Mobile Client for iOS devices requires the Sametime 8.5.2 IFR 1 Proxy Server to be deployed in your infrastructure environment. Please contact your IT department to validate this is the case.*

We are very excited to bring you the IBM Sametime Mobile Client for iOS! This gives you access to IBM's award-winning platform for Unified Communications on today's hottest devices – the iPhone and iPad. The client gives you the following cool features :

• 1/1 and Group chat
• Send and receive photos
• Background message notification
• Search corporate directory for a contact
• Search contact list by name or number
• Broadcast announcements
• Customized presence status
• Chat history
• View your contact list by groups, favorites, or all contacts view.
• Add new individual contacts or groups
• Robust Business Card
• Easily import Sametime contacts into your Apple iPhone contact list.
• Manage application preferences from the Apple iPhone device settings.
• Interface is automatically optimized for the iPhone or iPad.

If you are a Sametime Unified Telephony (SUT) user, you also get the following from your iOS device:

• A dial pad to place calls with SUT
• Click to call
• Receive incoming SUT calls
• Your off the hook telephony presence is reflected to desktop rich client users
• Keep your cell number private! Recipient's caller ID shows up as your SUT number.
• Control call routing rules and
• Set preferred device for receiving your SUT calls.

If you want additional information on Sametime, visit us on http://www.ibm.com/sametime or join us at our Sametime Blog at http://www.ibm.com/sametimeblog

Any problems found with the IBM Sametime Mobile Client can be reported through the Wiki listed in the App Store support URL

A current list of IBM trademarks is available on the web as http://www.ibm.com/legal/copytrade.shtml. All references to names in the images refer to fictitious company and fictitious persons, designed for illustration purposes only.

Go read this, and apply the fixes. Your IBM HTTP server with the Websphere servers is just a rebranded Apache.

Example:

D:\IBM\bin>Apache.exe -v
Server version: IBM_HTTP_Server/6.0.2.29 Apache/2.0.47

(see update below)




Excerpt below:

---

          Apache HTTPD Security ADVISORY
          ==============================

Title:    Range header DoS vulnerability Apache HTTPD 1.3/2.x

CVE:      CVE-2011-3192: 
Date:     20110824 1600Z
Product:  Apache HTTPD Web Server
Versions: Apache 1.3 all versions, Apache 2 all versions

Description:
============

A denial of service vulnerability has been found in the way the multiple 
overlapping ranges are handled by the Apache HTTPD server:

     http://seclists.org/fulldisclosure/2011/Aug/175 

An attack tool is circulating in the wild. Active use of this tools has 
been observed.

The attack can be done remotely and with a modest number of requests can 
cause very significant memory and CPU usage on the server. 

The default Apache HTTPD installation is vulnerable.

There is currently no patch/new version of Apache HTTPD which fixes this 
vulnerability. This advisory will be updated when a long term fix 
is available. 

A full fix is expected in the next 48 hours. 

---

Update: The fix reportedly working for 2.0 and 2.2 doesn't work on 2.0 as the syntax is different. Apply the following:

# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

From the blackberry site. I've posted an excerpt below:

---

Overview

Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages.

Affected Software

The issue affects the following software versions:

• BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
• BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
• BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
• BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
• BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino

Note: BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected.

My colleague found this on the appstore today, and it might look like a usefull thing for users forgetting their OOO.



If you are using Lotus Traveler, you should find that there is a very important feature missing, i.e. ability to set your Out of Office while you are on the road. This application is designed to fill in this gap.

More info over at ExtraComm

The solution in short: Upgrade to the latest version asap if you use iNotes outward facing. Some issues are fixed in 8.5.3, so beware until then.

---

Bugtraq ID: 46232
Class: Input Validation Error
CVE: CVE-2011-0915
Remote: Yes
Local: No
Published: Feb 07 2011 12:00AM
Updated: Jul 20 2011 11:10AM
Credit: anonymous
Vulnerable: IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.0.1
IBM Lotus Domino 7.0.4
IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1)
IBM Lotus Domino 7.0.3
IBM Lotus Domino 7.0.2 FP3
IBM Lotus Domino 7.0.2 FP2
IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 7.0.1
IBM Lotus Domino 7.0
IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.5.5 FP3
IBM Lotus Domino 6.5.5 FP2
IBM Lotus Domino 6.5.5 FP1
IBM Lotus Domino 6.5.5
IBM Lotus Domino 6.5.4 FP 2
IBM Lotus Domino 6.5.4 FP 1
IBM Lotus Domino 6.5.4
IBM Lotus Domino 6.5.3
IBM Lotus Domino 6.5.2
IBM Lotus Domino 6.5.1
IBM Lotus Domino 6.5 .0
IBM Lotus Domino 6.0.5
IBM Lotus Domino 6.0.4
IBM Lotus Domino 6.0.3
IBM Lotus Domino 6.0.2 CF2
IBM Lotus Domino 6.0.2
IBM Lotus Domino 6.0.1
IBM Lotus Domino 6.0
IBM Lotus Domino 5.0.13
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0



IBM Lotus Domino is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

The following proof-of-concept code is available:
/data/vulnerabilities/exploits/46232.ics

Solution:
Updates are available. Please see the references for more information.

References:
IBM Lotus Domino Homepage (IBM)
ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execu (IBM)
(Feb 2011) Potential security vulnerabilities in Lotus Notes & Domino (ibm)

I just saw this in my RSS feeds:

Bugtraq ID: 40322
Class: Design Error
CVE: CVE-2010-0774
Remote: Yes
Local: No
Published: May 11 2010 12:00AM
Updated: Jun 17 2011 04:00PM
Credit: IBM
Vulnerable: IBM Websphere Application Server 7.0.*
IBM Websphere Application Server 6.1.*
IBM Websphere Application Server 6.0.*
IBM Tivoli Business Service Manager 4.2.1
(See full list in original document)
Not Vulnerable: IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.0.2.41


IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability because the application fails to properly handle WebServices PKCS#7 and PKIPath tokens.

Successful exploits may allow attackers to gain unauthorized access to the service, which may lead to other attacks.
The following are vulnerable:
WebSphere Application Server prior to 6.0.2.41, 6.1.0.31, and 7.0.0.11.

Exploit:
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution:
Updates are available; please see the references for more information.

References:

* IBM WebSphere Application Server Product Page (IBM)
* Recommended fixes for WebSphere Application Server (IBM)
* WebSphere Application Server WebServices PKIPath and PKCS#7 token type security (IBM XForce)
* websphere vulnerability (IBM)

I was playing with the application firewall in the citrix netscaler and I found a cookie I had never seen before to get blocked.

Some quick googling gave me this Technote swg21453878. Please read it if you are using firewall/reverse proxy products in from of iNotes (or webadmin for that matter).

---

Technote (troubleshooting)

Problem

Some security enhancements were introduced in iNotes 8.5.2 to prevent potential Cross Site Request Forgery (CSRF) attacks, and as part of these security enhancements, there are special considerations that should be made in environments that utilize reverse proxies. Upon sending POST requests to Domino, users may encounter 400 errors on the iNotes console, and administrators may see messages similar to the following on the console:

"iNotes XSS Security: Invalid Request, missing expected nonce value; with Referer: '%s'. Request not processed, throwing exception." "iNotes XSS Security: Invalid Request, unexpected nonce value; with Referer: '%s'. Request not processed, throwing exception."

To mitigate these issues, the following two changes should be noted and accounted for:

1) When using basic authentication (Disabled session authentication), we now will utilize the ShimmerS cookie. Previously, this cookie was only used when Domino was set up for session authentication, but now, it is used no matter what authentication scheme is used.



2) There is a new extended header field that iNotes utilizes named "X-IBM-INOTES-NONCE". This header field must be allowed to pass freely between the client and server for iNotes to function properly.

In addition to these considerations, please note that some products (including Juniper VPNs) utilize mechanisms that cache or obfuscate cookies so that they are not held in their original form in the browser. Exceptions need to be made for the ShimmerS cookie for iNotes to function properly.

Resolving the problem

Take steps to allow the ShimmerS cookie and the "X-IBM-INOTES-NONCE" field to pass freely and untouched between the browser and Domino.

het is alweer enige tijd geleden dat er met en door een aantal Lotus aanhangers tegen een klein zwart balletje is geslagen. Daarom heeft InterfaceFlor samen met Clear IT Consulting het idee opgevat weer eens wat op poten te zetten.

Lekker een potje squashen, ongedwongen, ontspannen sfeer.
Squashkennis niet vereist.

Wie?
Iedereen die zich geroepen voelt

Wanneer en waar?
Datum: donderdag 30 juni 2011
Aanvang: 19:00 uur
Locatie: Theo Meijer Sport Leusden
http://www.theomeijersport.nl/


De eerste aanmeldingen zijn reeds binnen en natuurlijk hopen we op nog meer enthousiaste deelnemers. Dus wil je wat lichamelijke beweging combineren met een gezellig samenzijn, dan zien we jullie aanmelding tegemoet. Graag aanmelden voor 11 juni i.v.m. het reserveren van de banen.