Dennis' Domino Blog

Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Permalink 08/12/11 08:38, by Dennis van Remortel, Categories: IBM, Lotus, security, Blackberry
From the BlackBerry site. I've posted an excerpt below:

Overview

Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages.

Affected Software

The issue affects the following software versions:
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
  • BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
  • BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
  • BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino


Note: BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected.

Extracomm releases a nice freebee: iPhone App for Lotus Notes/Domino Out of Office

Permalink 07/25/11 14:47, by Dennis van Remortel, Categories: Administration, IBM, Lotus, Traveler
My colleague found this on the App Store today, and it might look like a useful thing for users forgetting their OOO.

ExtraComm OOO

If you are using Lotus Traveler, you should find that there is a very important feature missing, i.e. the ability to set your Out of Office while you are on the road. This application is designed to fill in this gap.

More info over at ExtraComm

IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability

Permalink 07/20/11 14:19, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security
The solution in short: Upgrade to the latest version ASAP if you use iNotes outward-facing. Some issues are fixed in 8.5.3, so beware until then.
Bugtraq ID: 46232
Class: Input Validation Error
CVE: CVE-2011-0915
Remote: Yes
Local: No
Published: Feb 07 2011 12:00AM
Updated: Jul 20 2011 11:10AM
Credit: anonymous
Vulnerable: IBM Lotus Domino 8.0.2
IBM Lotus Domino 8.0.1
IBM Lotus Domino 7.0.4
IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1)
IBM Lotus Domino 7.0.3
IBM Lotus Domino 7.0.2 FP3
IBM Lotus Domino 7.0.2 FP2
IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 7.0.1
IBM Lotus Domino 7.0
IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.5.5 FP3
IBM Lotus Domino 6.5.5 FP2
IBM Lotus Domino 6.5.5 FP1
IBM Lotus Domino 6.5.5
IBM Lotus Domino 6.5.4 FP2
IBM Lotus Domino 6.5.4 FP1
IBM Lotus Domino 6.5.4
IBM Lotus Domino 6.5.3
IBM Lotus Domino 6.5.2
IBM Lotus Domino 6.5.1
IBM Lotus Domino 6.5.0
IBM Lotus Domino 6.0.5
IBM Lotus Domino 6.0.4
IBM Lotus Domino 6.0.3
IBM Lotus Domino 6.0.2 CF2
IBM Lotus Domino 6.0.2
IBM Lotus Domino 6.0.1
IBM Lotus Domino 6.0
IBM Lotus Domino 5.0.13
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 8.5
IBM Lotus Domino 8.0

IBM Lotus Domino is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

The following proof-of-concept code is available:
/data/vulnerabilities/exploits/46232.ics

Solution:
Updates are available. Please see the references for more information.

References:
IBM Lotus Domino Homepage (IBM)
ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execu (IBM)
(Feb 2011) Potential security vulnerabilities in Lotus Notes & Domino (ibm)

IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability

Permalink 06/17/11 20:16, by Dennis van Remortel, Categories: IBM, Websphere, security
I just saw this in my RSS feeds:

Bugtraq ID: 40322
Class: Design Error
CVE: CVE-2010-0774
Remote: Yes
Local: No
Published: May 11 2010 12:00AM
Updated: Jun 17 2011 04:00PM
Credit: IBM
Vulnerable: IBM Websphere Application Server 7.0.*
IBM Websphere Application Server 6.1.*
IBM Websphere Application Server 6.0.*
IBM Tivoli Business Service Manager 4.2.1
(See full list in original document)
Not Vulnerable: IBM Websphere Application Server 7.0.0.11
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.0.2.41


IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability because the application fails to properly handle WebServices PKCS#7 and PKIPath tokens.

Successful exploits may allow attackers to gain unauthorized access to the service, which may lead to other attacks.
The following are vulnerable:
WebSphere Application Server prior to 6.0.2.41, 6.1.0.31, and 7.0.0.11.

Exploit:
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution:
Updates are available; please see the references for more information.

References:

* IBM WebSphere Application Server Product Page (IBM)
* Recommended fixes for WebSphere Application Server (IBM)
* WebSphere Application Server WebServices PKIPath and PKCS#7 token type security (IBM XForce)
* websphere vulnerability (IBM)

Security enhancements in iNotes 8.5.2 may require configuration changes in environments with reverse proxies

Permalink 06/17/11 10:27, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security, Netscaler
I was playing with the application firewall in the Citrix NetScaler and I found a cookie I had never seen before getting blocked.

Some quick Googling gave me this Technote swg21453878. Please read it if you are using firewall/reverse proxy products in front of iNotes (or webadmin for that matter).


Technote (troubleshooting)

Problem

Some security enhancements were introduced in iNotes 8.5.2 to prevent potential Cross Site Request Forgery (CSRF) attacks, and as part of these security enhancements, there are special considerations that should be made in environments that utilize reverse proxies. Upon sending POST requests to Domino, users may encounter 400 errors on the iNotes console, and administrators may see messages similar to the following on the console:

"iNotes XSS Security: Invalid Request, missing expected nonce value; with Referer: '%s'. Request not processed, throwing exception."
"iNotes XSS Security: Invalid Request, unexpected nonce value; with Referer: '%s'. Request not processed, throwing exception."

To mitigate these issues, the following two changes should be noted and accounted for:

1) When using basic authentication (Disabled session authentication), we now will utilize the ShimmerS cookie. Previously, this cookie was only used when Domino was set up for session authentication, but now, it is used no matter what authentication scheme is used.

2) There is a new extended header field that iNotes utilizes named "X-IBM-INOTES-NONCE". This header field must be allowed to pass freely between the client and server for iNotes to function properly.

In addition to these considerations, please note that some products (including Juniper VPNs) utilize mechanisms that cache or obfuscate cookies so that they are not held in their original form in the browser. Exceptions need to be made for the ShimmerS cookie for iNotes to function properly.

Resolving the problem

Take steps to allow the ShimmerS cookie and the "X-IBM-INOTES-NONCE" field to pass freely and untouched between the browser and Domino.
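To see why both items matter, here is a small model of the check the technote describes. It is an added example, not IBM's code and not from the technote: Domino's real implementation is not published, so it assumes that the X-IBM-INOTES-NONCE header must repeat the nonce the ShimmerS cookie carries (a double-submit pattern), and the cookie format, the host name in the Referer and the two proxy behaviours are made up. It reproduces the two console messages above and shows which one you get when a proxy drops the header and which one when a VPN rewrites the cookie.

```python
"""Model of the iNotes 8.5.2 CSRF nonce check and of what a reverse proxy or VPN
in front of Domino can do to it. Added illustration, not IBM's code: Domino's
actual logic is not published, so this follows only what the technote states
(ShimmerS cookie, X-IBM-INOTES-NONCE header, HTTP 400 and the two console
messages) and ASSUMES the header must repeat the nonce carried in the cookie."""

import secrets
from http.cookies import SimpleCookie

COOKIE = "ShimmerS"
HEADER = "X-IBM-INOTES-NONCE"


def issue_session():
    """Server side: mint a nonce and hand it out in the ShimmerS cookie.
    The real cookie value is opaque; a random token stands in for it here."""
    nonce = secrets.token_hex(16)
    return f"{COOKIE}={nonce}; Path=/; HttpOnly", nonce


def browser_post(set_cookie, nonce):
    """Client side: the iNotes page sends the stored cookie plus the nonce
    header on every POST. The host name in the Referer is made up."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    cookie_hdr = "; ".join(f"{name}={m.value}" for name, m in jar.items())
    return {
        "Cookie": cookie_hdr,
        HEADER: nonce,
        "Referer": "https://mail.example.test/mail/dennis.nsf",
    }


def through_proxy(headers, strip_headers=(), rewrite_cookie=None):
    """Model the box in front of Domino. strip_headers: names it refuses to forward
    (an allow-list that predates X-IBM-INOTES-NONCE). rewrite_cookie: callable
    applied to every cookie value, as a VPN that obfuscates cookies would do."""
    drop = {h.lower() for h in strip_headers}
    out = {k: v for k, v in headers.items() if k.lower() not in drop}
    if rewrite_cookie is not None and "Cookie" in out:
        jar = SimpleCookie()
        jar.load(out["Cookie"])
        out["Cookie"] = "; ".join(f"{n}={rewrite_cookie(n, m.value)}" for n, m in jar.items())
    return out


def check_post(headers):
    """Server side check of a POST as it arrives at Domino.
    Returns (http_status, console_message)."""
    referer = headers.get("Referer", "")
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    expected = jar[COOKIE].value if COOKIE in jar else None
    got = headers.get(HEADER)
    if expected is None or got is None:
        return 400, ("iNotes XSS Security: Invalid Request, missing expected nonce value; "
                     f"with Referer: '{referer}'. Request not processed, throwing exception.")
    if not secrets.compare_digest(got, expected):
        return 400, ("iNotes XSS Security: Invalid Request, unexpected nonce value; "
                     f"with Referer: '{referer}'. Request not processed, throwing exception.")
    return 200, "request processed"


def demo():
    """Run the three cases the technote warns about and return their outcomes."""
    set_cookie, nonce = issue_session()
    req = browser_post(set_cookie, nonce)
    return {
        "passed_untouched": check_post(through_proxy(req)),
        "header_stripped": check_post(through_proxy(req, strip_headers=(HEADER,))),
        "cookie_rewritten": check_post(through_proxy(req, rewrite_cookie=lambda n, v: "vpn" + v[:8])),
    }


if __name__ == "__main__":
    for case, (status, msg) in demo().items():
        print(f"{case}: HTTP {status} - {msg}")
```

Read the console message before touching the proxy config: "missing expected nonce value" means the header never reached Domino, so look for a header allow-list on the proxy or application firewall; "unexpected nonce value" means the header arrived but no longer matches the cookie, which points at something rewriting or caching cookies, such as the VPN behaviour the technote mentions. Either way the fix is the exception for ShimmerS and X-IBM-INOTES-NONCE the technote asks for.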

Lotussquash 2011, 2nd edition on 30 June

Permalink 05/09/11 15:44, by Dennis van Remortel, Categories: Lotus, General

It has been a while since a number of Lotus enthusiasts got together to hit a small black ball. So InterfaceFlor, together with Clear IT Consulting, has decided to organise something again.

A relaxed, informal game of squash.
Squash skills not required.

Who?
Anyone who feels like joining

When and where?
Date: Thursday 30 June 2011
Start: 19:00
Location: Theo Meijer Sport Leusden
http://www.theomeijersport.nl/

The first registrations are already in, and of course we hope for more enthusiastic participants. So if you want to combine some physical exercise with a pleasant get-together, we look forward to your registration. Please register before 11 June so that the courts can be reserved.

Potential Security Exposure: IBM WebSphere Commerce using Tivoli Directory Server

Permalink 04/21/11 08:20, by Dennis van Remortel, Categories: Administration, IBM, Websphere
All info can be found here

Flash (Alert)

Abstract

There is a potential security exposure in Tivoli Directory Server (TDS) that could affect WebSphere Commerce users.

A malicious LDAP request might cause a buffer overrun in the server, potentially allowing a remote attacker to execute arbitrary code within Tivoli Directory Server's server process. Authentication is not required to exploit this vulnerability. The vulnerability could affect WebSphere Commerce V6.0 or V7.0 environments using TDS V5.x and V6.x for LDAP.

Content

WebSphere Commerce environments using Tivoli Directory Server V5.x or V6.x for LDAP might be vulnerable.

The following versions are at risk:

WebSphere Commerce V6.0 which supports the use of TDS V5.1, V5.2, V6.0, and V6.1.

WebSphere Commerce V7.0 which supports the use of TDS V6.0, V6.1, and V6.2.

For full details on the problem and the available solutions, see the following Tivoli Directory Server document:

Security Vulnerability - CVE-2011-1206 - TDS Remote Code Execution

IBM Champion program

Permalink 04/15/11 13:03, by Dennis van Remortel, Categories: IBM, Lotus
What is the IBM Champion Program you might ask. This is the IBM description:

The IBM Champion program recognizes exceptional contributors to the technical community, non-IBMers who work alongside IBM to build solutions for a smarter planet. An IBM Champion is a developer or IT professional who leads and mentors his or her peers and helps them make best use of IBM solutions and services. Champions can be found running user groups, managing websites, speaking at conferences, answering questions in online forums, and writing blogs, how-to articles, and technical books.

The IBM Champion program recognizes and rewards these innovative thought leaders, amplifying their voice and increasing their sphere of influence on the technical community. The program incorporates existing champions from the Information Management area, who are showcased here, and we're expanding it to become IBM-wide, with near-term focus on champions associated with WebSphere, Lotus, and Rational, and then more. We invite you to learn more.


I've nominated my first Champion yesterday, so now go forth and nominate yours.

IBM Tivoli Directory Server Multiple Security Vulnerabilities

Permalink 04/13/11 21:05, by Dennis van Remortel, Categories: Administration, IBM, security
All info can be found here.

IBM Tivoli Directory Server Multiple Security Vulnerabilities

IBM Tivoli Directory Server is prone to a stack-based buffer-overflow and an information-disclosure vulnerability.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application or retrieve potentially sensitive information.

IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability

Permalink 04/06/11 10:24, by Dennis van Remortel, Categories: IBM, Lotus, security
All info can be found here.

IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability

IBM Lotus Domino is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the 'nrouter.exe' Lotus Domino server process. Failed attacks will cause denial-of-service conditions.

Versions prior to IBM Lotus Domino 8.0.2 Fix Pack 5, 8.5.1 Fix Pack 2, and 8.5.2 are vulnerable.
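Both Domino iCalendar posts above (this one and the 07/20/11 one with Bugtraq ID 46232 / CVE-2011-0915) amount to the same advice: patch the server that runs nrouter. Until that is done, one thing an admin can do is screen inbound .ics meeting requests for abnormally long property values at a mail gateway. The check below is an added example, not Domino code and not the advisory's proof-of-concept: the page does not say which property nrouter.exe mishandles or at what length, so the 1024-byte limit and the SUMMARY property in the constructed sample are assumptions. What it demonstrates is that such a check has to unfold RFC 5545 content lines first; measured per physical line, a 3000-byte value looks like a stack of harmless 75-byte lines.

```python
"""Screening check for inbound iCalendar (.ics) meeting requests, for the
period between the advisory and the upgrade. Added illustration, not Domino
code and not the advisory's proof of concept: the page does not say which
property nrouter.exe mishandles or at what length, so the property used in
the sample and the limit below are assumptions."""

MAX_VALUE_LEN = 1024  # assumption: generous for real invitations, far below an overflow-sized field


def unfold(raw):
    """RFC 5545 folds long content lines: CRLF followed by one space or tab
    continues the previous line. Unfold first; a per-physical-line length
    check sees only 75-character pieces and passes an oversized value."""
    lines = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        if line[0] in " \t" and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def split_content_line(line):
    """NAME[;PARAM=value...]:VALUE -> (name, params, value). The first ':' not
    inside a double-quoted parameter value ends the name/parameter part."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            name, _, params = line[:i].partition(";")
            return name.upper(), params, line[i + 1:]
    return None


def oversized_properties(raw, limit=MAX_VALUE_LEN):
    """Return (name, length) for each property whose unfolded value or
    parameter list is longer than limit."""
    hits = []
    for line in unfold(raw):
        parsed = split_content_line(line)
        if parsed is None:
            continue
        name, params, value = parsed
        longest = max(len(value), len(params))
        if longest > limit:
            hits.append((name, longest))
    return hits


def naive_max_physical_line(raw):
    """What a checker that forgets to unfold would measure."""
    return max(len(l) for l in raw.split("\r\n"))


def fold(line, width=75):
    """Fold a content line the way an RFC 5545 producer does, to build the sample."""
    parts = [line[:width]]
    for i in range(width, len(line), width - 1):
        parts.append(" " + line[i:i + width - 1])
    return "\r\n".join(parts)


# Constructed sample request (addresses and UID made up).
BENIGN_REQUEST = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST", "BEGIN:VEVENT",
    "UID:demo-1@example.test", "DTSTART:20110720T140000Z", "DTEND:20110720T150000Z",
    'ORGANIZER;CN="Doe, Jane":mailto:jane@example.test',
    "ATTENDEE;ROLE=REQ-PARTICIPANT:mailto:dennis@example.test",
    "SUMMARY:Patch planning", "END:VEVENT", "END:VCALENDAR",
]) + "\r\n"

# Same request with one 3000-byte property value, folded so no physical line exceeds 75 bytes.
FOLDED_REQUEST = BENIGN_REQUEST.replace("SUMMARY:Patch planning", fold("SUMMARY:" + "A" * 3000))


if __name__ == "__main__":
    print("benign:", oversized_properties(BENIGN_REQUEST))
    print("folded, longest physical line:", naive_max_physical_line(FOLDED_REQUEST))
    print("folded, unfolded check:", oversized_properties(FOLDED_REQUEST))
```

This is a screening heuristic, not a fix: a hit is a reason to quarantine the message and look at it, and the limit should be tuned against the invitations your users really exchange before it is put inline.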

Yet another Domino/Websphere Admin blog.

About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic



©2014 by Dennis van Remortel