Sunday, February 6, 2011

(Feb 2011) Potential security vulnerabilities in Lotus Notes & Domino

 Flash (Alert)
Abstract
TippingPoint's Zero Day Initiative (ZDI) contacted IBM Lotus to report nine potential buffer overflow vulnerabilities in Lotus Notes and Domino. IBM Lotus has fixes for four of them, continues to investigate a fix for two, and cannot reproduce the remaining three, for which it is pursuing additional information.

Content

Most of these issues are denial-of-service attacks by buffer overflow. To exploit these vulnerabilities, an attacker would need to send maliciously malformed messages to the Lotus Domino server over a variety of protocols, as indicated below. In specific situations, however, execution of arbitrary code is possible. In the case of ZDI-CAN-647 (SPR# PRAD82YJW2), malicious users could supply damaged cai::URIs to facilitate execution of arbitrary code in Notes. Refer to the table for more information on each issue, including the SPR number for tracking purposes and, where applicable, fix availability.

For four of these nine, namely ZDI-CAN-373, ZDI-CAN-647, ZDI-CAN-758, ZDI-CAN-759, IBM Lotus has fixes. For two of these, ZDI-CAN-375 and ZDI-CAN-927, IBM has confirmed the issue and continues to pursue appropriate fixes. IBM Lotus is currently unable to reproduce the remaining three exploits based on the information provided by TippingPoint's ZDI.


| TippingPoint Reference # | Description | IBM Lotus SPR # | Status |
|---|---|---|---|
| ZDI-CAN-375 | Domino MIME stack overflow | KLYH889M8H | Confirmed. Investigating fix. |
| ZDI-CAN-647 | Notes cai URI Handler remote code execution vulnerability | PRAD82YJW2 | Confirmed. Fixed in 8.0.2 FP6, 8.5.1 FP5, 8.5.2 and later releases |
| ZDI-CAN-373 | Notes iCal stack overflow | KLYH87LL23 | Confirmed. Fixed in 8.5.3 |
| ZDI-CAN-758 | Domino DIIOP remote code execution vulnerability | KLYH87LML7 | Confirmed. Fixed in 8.5.3 |
| ZDI-CAN-759 | Domino DIIOP remote code execution vulnerability | KLYH87LM4S | Confirmed. Fixed in 8.5.3 |
| ZDI-CAN-927 | Domino Remote Console authentication bypass remote code execution vulnerability | PRAD89WGRS | Confirmed. Unsupported configuration with workaround available. |
| ZDI-CAN-372 | Domino Router stack overflow | KLYH87LKRE | Unconfirmed. Unable to reproduce. Need more information. |
| ZDI-CAN-374 | Domino IMAP and POP3 stack overflow | KLYH87LLVJ | Unconfirmed. Unable to reproduce. Need more information. |
| ZDI-CAN-779 | Domino LDAP bind request remote code execution vulnerability | KLYH87LMVX | Unconfirmed. Unable to reproduce. Need more information. |


IBM targets 2Q2011 for release of Lotus Notes and Domino 8.5.3. You can track progress at the Notes/Domino Update Status page.

At the time of publication, there are no known active exploits of these issues. However, if you encounter any of the unconfirmed issues, contact IBM Support with reproducible steps, referencing the related SPR number.

For additional information on these issues, you can access TippingPoint's ZDI advisories at the following link: http://www.zerodayinitiative.com/advisories


Workarounds:

For ZDI-CAN-927 (SPR# PRAD89WGRS), Domino does not support the use of UNC paths with Remote Console. As a workaround, specify absolute paths.

For all others, there are currently no known workarounds to avoid these issues.


CVSS scoring for fixed & confirmed issues

The following CVSS scores are based on testing results observed by IBM*.

SPR KLYH87LL23 - Lotus Notes ICAL Stack Overflow

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 7.1
---- Impact Subscore: 6.9
---- Exploitability Subscore: 8.6
CVSS Temporal Score: 5.6
CVSS Environmental Score: Undefined*
Overall CVSS Score: 5.6
Base Score Metrics:
  • Related exploit range/Attack Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Proof of Concept Code
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed
References:



SPR PRAD82YJW2 - Lotus Notes cai URI Handler Remote Code Execution

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 7.1
---- Impact Subscore: 6.9
---- Exploitability Subscore: 8.6
CVSS Temporal Score: 5.6
CVSS Environmental Score: Undefined*
Overall CVSS Score: 5.6
Base Score Metrics:
  • Related exploit range/Attack Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Proof of Concept Code
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed
References:



SPR KLYH87LML7 - Lotus Domino DIIOP Remote Code Execution

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 6.9
---- Impact Subscore: 10
CVSS Temporal Score: 3.4
CVSS Environmental Score: Undefined*
Overall CVSS Score: 5.4
Base Score Metrics:
  • Related exploit range/Attack Vector: Local
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Proof of Concept Code
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed
References:



SPR KLYH889MH8 - Lotus Domino MIME Stack Overflow

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 7.1
---- Impact Subscore: 6.9
CVSS Temporal Score: 6.1
CVSS Environmental Score: Undefined*
Overall CVSS Score: 6.1
Base Score Metrics:
  • Related exploit range/Attack Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Proof of Concept Code
  • Remediation Level: Unavailable
  • Report Confidence: Confirmed
References:

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.



- wong chee tat :)

Crowd at Waterfront Isle condo sales

By Joanne Chan | Posted: 05 February 2011 2048 hrs

SINGAPORE: The Lunar New Year period is traditionally a quiet one for the property market, with developers holding back on new launches.

But for one development, the gamble appears to have paid off.

A healthy crowd turned up at the Waterfront Isle showroom on Saturday, the third day of the Lunar New Year celebrations.

And as of 5.30pm, 29 of 59 units that were released on Saturday were sold. The number later rose to 37, as of 9pm.

Including sales from a preview last week, 125 out of 191 available units at the Bedok Reservoir development were snapped up so far.

The condominium is a joint venture between Far East Organization and Frasers Centrepoint.

Waterfront Isle has a total of 561 units, with prices starting from S$575,000 for a one-bedroom apartment.

Some visitors at the showroom Channel NewsAsia spoke to said they were looking for their second or third property.

Asked if they were affected by the latest property-cooling measures - such as a lower loan limit for a second property and a seller's stamp duty if the property is sold within four years - some said they are still able to comfortably afford it.

"Even if it (the loan limit) is cut down to 50%, I think we can still buy (a private home). We're going to keep it at least for 5 years, or even 10. For me, it's for the long run, not for flipping," said home buyer Royston Kwek.

Others said they were buying a private property to settle down in Singapore.

Dong Deng Shan, a home buyer from China, said: "My son is planning to settle down in Singapore, so he needs to buy a house. And I think the environment in Singapore is very good, I like it here."

Some visitors at the showroom said they are in no hurry to buy and will wait for the right unit before taking the plunge.

To ensure a steady supply of private homes and meet strong demand, the government has announced that 17 sites will be put up for tender in the first half of this year, which can potentially yield more than 8,000 units.

Most of the sites are located in the suburbs or outskirts of towns, where more affordable private housing is expected to be built.

- CNA/i

- wong chee tat :)

Big jump in endometrial cancer among Singapore women

By Monica Kotwani | Posted: 06 February 2011 1910 hrs

SINGAPORE: Endometrial cancer is now the fourth most common cancer among women in Singapore, compared to its eighth spot about 10 years ago.

Doctors say the disease is affecting an increasing number of women over 40 years old.

Wong Lee Pheng, who is in her 50s, discovered she had endometrial cancer in September last year, after experiencing excessive bleeding for a few days.

Ms Wong said: "Shocked. I mean I burst into tears of course, because (I) cannot believe cancer can happen to me."

She was one of about 60 women who sought treatment for endometrial cancer at the National University Hospital (NUH) last year.

NUH says that of the 60 women, more than 90 percent are over 40 years old and about 80 percent were diagnosed as having stage one endometrial cancer.

Dr Joseph Ng, a consultant at NUH Department of Obstetrics & Gynaecology, said: "If we look at all the other cancer profiles, we'll probably find that endometrial cancer is probably one of the fastest growing cancers."

Endometrial cancer is the most common cancer of the female reproductive system.

The cancer arises in the tissue layer that lines the uterine cavity and causes heavy and irregular vaginal bleeding.

At its advanced stage, it spreads to neighbouring organs such as the bowel, bladder and lymph nodes, with painful symptoms.

Dr Ng said that an ageing population and lifestyle factors have contributed to the rise in endometrial cancer statistics.

"Obesity, (women) having fewer pregnancies, and also women starting to have menstrual periods earlier and reaching menopause at a later age. These are all factors that contribute towards increasing a woman's risk for having endometrial cancer," he said.

But if caught early, the prognosis is good. And technological advances in the field are coming up with less invasive methods of surgery, such as a robot machine that allows doctors to operate on the cancer without open surgery.

Dr Ng said: "We've now miniaturised the surgeon's hands into small robotic hands.....and these hands are small enough to fit through standard laparoscopic ports, small tubes. So we are able to perform the same degree of surgery, the same complexity of surgery, but without an open wound."

The robot-assisted surgery means a faster recovery and fewer scars for the patient.

Such surgery also benefits the hospital.

"There is a national crunch in hospital beds. We're always short of hospital beds. So we've found that this is a good way to try and increase our healthcare capability to be able to cope with that demand," said Dr Ng.

Still, medical advances go hand in hand with early detection as well as equipping oneself with the right kind of information.

"Don't just count on going for the Pap smear, because it doesn't tell (if you have endometrial cancer). If the body shows signs of abnormalities, go and see the doctor and get different tests.... When I was first diagnosed, at first it was a Pap smear and it said it was fine. But I happened to go for other tests, then we discovered that it was not so fine," said Madam Wong.

Dr Ng said primary healthcare providers can play a bigger role in detecting the cancer early.

He said: "GPs, family physicians (can) reinforce very, very simple counselling pointers to their patients whenever they see these women for healthcare checks or even just for problem visits like cough and cold or flu.

"It's very easy to ask a woman how her menstrual periods are. Are they regular? Because irregular menstrual bleeding in a woman, who has not yet hit menopause, is one of the most important signs and symptoms of early cancer, especially early endometrial cancer."

- CNA/ir

- wong chee tat :)

Microsoft Security Bulletin Advance Notification for February 2011


Published: February 03, 2011
Microsoft Security Bulletin Advance Notification issued: February 3, 2011
Microsoft Security Bulletins to be issued: February 8, 2011
This is an advance notification of security bulletins that Microsoft is intending to release on February 8, 2011.
This bulletin advance notification will be replaced with the February bulletin summary on February 8, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.
Microsoft will host a webcast to address customer questions on the security bulletins on February 9, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the February Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Other Information

Microsoft Windows Malicious Software Removal Tool

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS

For information about non-security releases on Windows Update and Microsoft Update, please see:
Microsoft Knowledge Base Article 894199: Description of Software Update Services and Windows Server Update Services changes in content. Includes all Windows content.
Updates from Past Months for Windows Server Update Services. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows.

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Security Strategies and Community

Update Management Strategies
Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates.
Obtaining Other Security Updates
Updates for other security issues are available from the following locations:
Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security update".
Updates for consumer platforms are available from Microsoft Update.
You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
IT Pro Security Community
Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.

Support

The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.



- wong chee tat :)

The Green Hornet




- wong chee tat :)