Date: 08 May 2013
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0647
Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977)
8 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Notes
Publisher: IBM
Operating System: Linux variants
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-2977
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21635878
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977)
Flash (Alert)
Document information
IBM Notes
Software version:
8.5, 8.5.1, 8.5.2, 8.5.3, 9.0
Operating system(s):
Linux, Windows
Reference #:
1635878
Modified date:
2013-05-06
Abstract
IBM Notes has an integer overflow vulnerability which may be triggered by
viewing a malformed PNG image.
Content
CVE ID: CVE-2013-2977
DESCRIPTION:
IBM Notes has an integer overflow vulnerability which may be triggered by
viewing a malformed PNG image.
An integer overflow can occur resulting in allocation of less memory than
expected. An attacker can construct specially crafted input that allows
complete control of the application, resulting in arbitrary code execution.
Because this can be triggered by simply viewing an email in the preview
window, it can be exploited without any interaction required.
CVE ID: CVE-2013-2977
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83967 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
AFFECTED PLATFORMS:
IBM Notes 8.5.x, 9.0
REMEDIATION:
Fix:
This issue is being tracked as SPR NPEI96K82Q. The Windows fix is included in
Interim Fix 1 for Notes 8.5.3 Fix Pack 4 and Interim Fix 1 for Notes 9.0.
For Linux, clients are encouraged to monitor fix availability in 8.5.3 Fix
Pack 5 and 9.0.1. Or to inquire about the possibility of obtaining a fix
sooner, open a service request with IBM Support.
Workaround:
None
Mitigation:
Disabling JavaScript in Notes will make it more difficult to exploit the
vulnerability, but does not prevent the vulnerability from being triggered.
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2013-2977
http://xforce.iss.net/xforce/xfdb/83967
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT
This vulnerability was reported to IBM by Lagarto of the Binamuse VRT, via
the iSIGHT Partners GVP Program
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUYnCce4yVqjM2NGpAQJUrRAAtdaiMSX0pNF72ulmD1eJDn77FU8xjVXz
xwDea8gIH5CO3ioPFCvA/4qS30SklYH7/WcECIW6y91TcH9I6rEaMhgjpxhACvJS
086LBO7XfEajlwgVhCzcx7ewBtSTAR2cJMDX3jSMwtBI39DAD665gMGRzggOvwOy
Haj3Ys51OvMbUjE7xDSt9ji23Vapzt4x1hdR33gle7iqtSJ0oRv2yRcWob9gPb13
PgG8QOZQDathUfPQLF9yVnl/sTaQWqvs6jwwZ5FihR2CRcItxlU+i/MejimcZ2yn
yQv8uTjWbacI8PzOI8iRrHdEEzXH0u9+LdSByzC73of8yPYwuYWuc1KT+5slcc1q
MgircHLRGzJKUvHHOH9SMNr9JFIHVFevGDtJiGYgfLnxSUECd4UKz9Lpg/7oLp/n
meEg9MOA93Q1yk8JnGzM9n/bPIea8pCWRZ1eNKq1f4MRPn8rPrlaq/S4L80UTbaa
XoGefeqzqmJD4zqWuQLgpiDhB6x2FFmIk7X9j00aM8M0RPnEb888tzcV2F06Px/p
qC0YQpxlhLV/sE0tF1yXGRnVHLBqVyKYoECRVl3nUbhCWqVYGmVvf9wTZDEJTnoL
g/mmNTCyUWfPRvUNUG+PU6rLRil74O8YWY1W3eFtn1i6wcysUhtBcO4Jyq2en5g2
b8pldbWCMN8=
=tzRV
-----END PGP SIGNATURE-----
|