AusCERT - ESB-2013.0647 - [Win][Linux] IBM Notes: Execute arbitrary code/commands

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2013.0647 - [Win][Linux] IBM Notes: Execute arbitrary code/commands - Remote/unauthenticated
Date: 08 May 2013

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0647
     Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977)
                                8 May 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Notes
Publisher:         IBM
Operating System:  Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-2977  

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21635878

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977)

Flash (Alert)

Document information

IBM Notes

Software version:
8.5, 8.5.1, 8.5.2, 8.5.3, 9.0

Operating system(s):
Linux, Windows

Reference #:
1635878

Modified date:
2013-05-06

Abstract

IBM Notes has an integer overflow vulnerability which may be triggered by 
viewing a malformed PNG image.

Content

CVE ID: CVE-2013-2977

DESCRIPTION:
IBM Notes has an integer overflow vulnerability which may be triggered by 
viewing a malformed PNG image.

An integer overflow can occur resulting in allocation of less memory than 
expected. An attacker can construct specially crafted input that allows 
complete control of the application, resulting in arbitrary code execution.

Because this can be triggered by simply viewing an email in the preview 
window, it can be exploited without any interaction required.


CVE ID: CVE-2013-2977
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83967 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

AFFECTED PLATFORMS:
IBM Notes 8.5.x, 9.0

REMEDIATION:

Fix:
This issue is being tracked as SPR NPEI96K82Q. The Windows fix is included in 
Interim Fix 1 for Notes 8.5.3 Fix Pack 4 and Interim Fix 1 for Notes 9.0.

For Linux, clients are encouraged to monitor fix availability in 8.5.3 Fix 
Pack 5 and 9.0.1. Or to inquire about the possibility of obtaining a fix 
sooner, open a service request with IBM Support.

Workaround:
None

Mitigation:
Disabling JavaScript in Notes will make it more difficult to exploit the 
vulnerability, but does not prevent the vulnerability from being triggered.

REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2013-2977
http://xforce.iss.net/xforce/xfdb/83967

RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT
This vulnerability was reported to IBM by Lagarto of the Binamuse VRT, via 
the iSIGHT Partners GVP Program

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product and 
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information" 
at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUYnCce4yVqjM2NGpAQJUrRAAtdaiMSX0pNF72ulmD1eJDn77FU8xjVXz
xwDea8gIH5CO3ioPFCvA/4qS30SklYH7/WcECIW6y91TcH9I6rEaMhgjpxhACvJS
086LBO7XfEajlwgVhCzcx7ewBtSTAR2cJMDX3jSMwtBI39DAD665gMGRzggOvwOy
Haj3Ys51OvMbUjE7xDSt9ji23Vapzt4x1hdR33gle7iqtSJ0oRv2yRcWob9gPb13
PgG8QOZQDathUfPQLF9yVnl/sTaQWqvs6jwwZ5FihR2CRcItxlU+i/MejimcZ2yn
yQv8uTjWbacI8PzOI8iRrHdEEzXH0u9+LdSByzC73of8yPYwuYWuc1KT+5slcc1q
MgircHLRGzJKUvHHOH9SMNr9JFIHVFevGDtJiGYgfLnxSUECd4UKz9Lpg/7oLp/n
meEg9MOA93Q1yk8JnGzM9n/bPIea8pCWRZ1eNKq1f4MRPn8rPrlaq/S4L80UTbaa
XoGefeqzqmJD4zqWuQLgpiDhB6x2FFmIk7X9j00aM8M0RPnEb888tzcV2F06Px/p
qC0YQpxlhLV/sE0tF1yXGRnVHLBqVyKYoECRVl3nUbhCWqVYGmVvf9wTZDEJTnoL
g/mmNTCyUWfPRvUNUG+PU6rLRil74O8YWY1W3eFtn1i6wcysUhtBcO4Jyq2en5g2
b8pldbWCMN8=
=tzRV
-----END PGP SIGNATURE-----