SB2017082310 - Multiple vulnerabilities in IBM Sametime
Published: August 23, 2017 Updated: August 29, 2017
Description
This security bulletin contains information about 16 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2016-2970)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to an unknown error. A remote attacker can read arbitrary files on the system.
2) Memory corruption (CVE-ID: CVE-2016-0729)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system. The weakness exists in the Apache Xerces-C XML Parser library due to improper bounds checking during processing and error reporting. A remote attacker can send specially crafted input documents and cause the library to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability results in denial of service.
3) XXE attack (CVE-ID: CVE-2016-4449)
The vulnerability allows a remote attacker to conduct an XXE attack. The weakness exists in libxml2 due to an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker can send manipulated XML content, trick the victim into opening it, and read important data on the system.
Successful exploitation of the vulnerability may result in information disclosure.
4) Cross-site request forgery (CVE-ID: CVE-2016-2965)
The vulnerability allows a remote attacker to perform a CSRF attack. The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and force the user to log out of Sametime.
5) Information disclosure (CVE-ID: CVE-2016-2971)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists because the server may send replies to the wrong email addresses. A remote attacker can disclose sensitive information in stack trace error logs and perform further attacks.
6) Information disclosure (CVE-ID: CVE-2016-2969)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists because the server may send replies to the wrong email addresses. A remote attacker can read arbitrary files on the system.
7) Information disclosure (CVE-ID: CVE-2016-2972)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to an unknown error. A local attacker can obtain credentials of the Sametime Meetings user in the local cache of the browser.
8) Cross-site scripting (CVE-ID: CVE-2016-2979)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
9) Cross-site scripting (CVE-ID: CVE-2016-2973)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
10) Security restrictions bypass (CVE-ID: CVE-2016-2977)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system. The weakness exists due to improper access control. A remote attacker can lower arbitrary hands (i.e., votes) in an e-meeting and spoof the results of votes in a meeting.
11) Security restrictions bypass (CVE-ID: CVE-2016-2958)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system. The weakness exists due to improper access control. A remote attacker can lower arbitrary hands (i.e., votes) in an e-meeting and spoof the results of votes in a meeting.
12) Security restrictions bypass (CVE-ID: CVE-2016-2959)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system. The weakness exists due to improper access control. A remote attacker can remove the primary manager's privileges.
13) Cross-site request forgery (CVE-ID: CVE-2016-0356)
The vulnerability allows a remote authenticated attacker to perform a CSRF attack. The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.
14) Cross-site request forgery (CVE-ID: CVE-2016-0355)
The vulnerability allows a remote authenticated attacker to perform a CSRF attack. The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.
15) Improper input validation (CVE-ID: CVE-2016-0354)
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system. The weakness exists due to insufficient validation of user-supplied input. A remote attacker can upload a malicious file to a Sametime meeting room and execute arbitrary code with the privileges of the current user.
16) DTD parsing stack overflow (CVE-ID: CVE-2016-4463)
The vulnerability allows a remote attacker to cause the target application to crash. The vulnerability exists due to a boundary error when processing DTD files. A remote unauthenticated attacker can cause a stack-based buffer overflow in the XML parser library by creating a specially crafted DTD file.
Successful exploitation of this vulnerability may result in denial of service.
Remediation
Install the update from the vendor's website.