CERT-MU AD-2008-9
IBM Lotus Sametime Vulnerability
Stack overflow vulnerability in Lotus Sametime® Community Services multiplexer
(MUX)
Original Issue Date: 21st May 2008
Overview
This vulnerability is due to an error in the way long URLs are processed within
the Community Services Multiplexer (StMux.exe). By sending a specially crafted
URL, an attacker may be able to cause a stack-based buffer overflow and
execute arbitrary code.
Description
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Lotus Sametime. Authentication is not
required to exploit this vulnerability.
The specific flaw exists in the handling of long URLs in the Community
Services Multiplexer (StMux.exe) listening on TCP port 1533. A specially
crafted URL can be passed into a vulnerable sscanf() function, resulting in
a stack overflow that allows the attacker to execute arbitrary code.
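The flaw class described above, an unbounded sscanf() conversion applied to a request URL, shown beside a bounded form. This is an added example, not code from StMux.exe or IBM; the function names, buffer sizes and request line are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define METHOD_MAX 7      /* assumed limits; must match the widths in the format */
#define PATH_MAX_LEN 255

/* Vulnerable pattern, kept for comparison and never called: "%s" has no field
 * width, so sscanf() copies until whitespace and runs past path[] on the stack. */
int parse_unsafe(const char *line) {
    char method[METHOD_MAX + 1], path[PATH_MAX_LEN + 1];
    return sscanf(line, "%s %s", method, path);
}

static int at_token_end(char c) {
    return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\0';
}

/* Hardened form: every %s carries a width one less than its buffer, and %n
 * records where each token stopped so an over-long token is rejected rather
 * than silently truncated. Returns 0 on success, -1 otherwise. */
int parse_request_line(const char *line, char method[METHOD_MAX + 1],
                       char path[PATH_MAX_LEN + 1]) {
    int m_end = -1, p_end = -1;
    if (sscanf(line, "%7s%n %255s%n", method, &m_end, path, &p_end) != 2)
        return -1;
    if (m_end < 0 || p_end < 0 || !at_token_end(line[m_end]) || !at_token_end(line[p_end]))
        return -1;
    return 0;
}

/* Constructed input: "GET /AAAA... HTTP/1.0" with a path of path_len bytes. */
int parse_constructed(size_t path_len) {
    static char line[8192];
    char method[METHOD_MAX + 1], path[PATH_MAX_LEN + 1];
    if (path_len < 1 || path_len > 8000)
        return -1;
    memcpy(line, "GET /", 5);
    memset(line + 5, 'A', path_len - 1);
    strcpy(line + 4 + path_len, " HTTP/1.0");
    return parse_request_line(line, method, path);
}

int main(void) {
    printf("255-byte path: %d\n", parse_constructed(255));
    printf("4000-byte path: %d\n", parse_constructed(4000));
    return 0;
}
```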
In order for an attacker to successfully exploit this vulnerability, the
following must be accomplished:
- Lotus Sametime server must be installed and configured
- Attacker must be able to establish a connection to the
Sametime server over HTTP
- Attacker must send a specific HTTP request to the Sametime server
- The Sametime Community Services multiplexer (MUX) must process the
malicious request, which could result in a stack overflow
Affected system
Sametime 7.5.1, 8.0
Impact : high
Workarounds
Workarounds for Sametime 8.0:
Option 1: Upgrade to Sametime version 8.0.1.
Option 2: Customers that are unable to upgrade to 8.0.1 should contact
IBM Support to request the patch for their server version.
Workarounds for Sametime 7.5.1 Cumulative Fix 1 (CF1):
Option 1: Customers that have deployed Sametime 7.5.1 Cumulative
Fix 1 (CF1) can download the fix from Fix Central
(http://www.ibm.com/eserver/support/fixes/fixcentral/swg/quickorder?brandid=2&productid=Lotus%20Sametime&fixes=ST-7.5.1.1-Windows-ICAE-7DPP83)
Option 2: Customers that have NOT deployed Sametime 7.5.1 Cumulative
Fix 1 (CF1), and are currently unable to upgrade to this release and hotfix,
should contact IBM Support to request the patch for their server version.
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Vendor Information : IBM
References : IBM
CVE-Name:
References: US-CERT