-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2151
  Security Bulletin: Multiple Security Vulnerabilities in IBM Sametime
                              Meetings Server
                               29 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Sametime Meetings Server
Publisher:         IBM
Operating System:  Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Access Privileged Data          -- Existing Account
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Existing Account
                   Access Confidential Data        -- Remote/Unauthenticated
                   Provide Misleading Information  -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-4463 CVE-2016-2979 CVE-2016-2977 CVE-2016-2973
                   CVE-2016-2972 CVE-2016-2971 CVE-2016-2969 CVE-2016-2965
                   CVE-2016-2959 CVE-2016-2958 CVE-2016-0356 CVE-2016-0355
                   CVE-2016-0354
Reference:         ESB-2017.0516 ESB-2017.0271 ESB-2016.2201 ESB-2016.2200
                   ESB-2016.1916

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg22006439

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities in IBM Sametime Meetings
Server

Document information

More support for: IBM Sametime Meeting Server
Software version: 8.5.2, 8.5.2.1, 9.0, 9.0.0.1, 9.0.1
Operating system(s): Linux, Windows
Reference #: 2006439
Modified date: 23 August 2017

Security Bulletin

Summary

Multiple Security Vulnerabilities in IBM Sametime Meetings Server

Vulnerability Details

CVEID: CVE-2016-0354
DESCRIPTION: IBM Sametime Enterprise Meeting Server could allow an
authenticated user to upload a malicious file to a Sametime meeting room
that could be downloaded by unsuspecting users and executed with user
privileges.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111893 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-0355
DESCRIPTION: IBM Sametime Enterprise Meeting Server could allow an
authenticated user that has been invited to a Sametime meeting room to
cause the screen sharing to cease through the use of cross-site request
forgery.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111894 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0356
DESCRIPTION: IBM Sametime Enterprise Meeting Server could allow an
authenticated user that has been invited to a Sametime meeting room to
cause the screen sharing to cease through the use of cross-site request
forgery.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111895 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2959
DESCRIPTION: IBM Sametime Meeting Server could allow a meeting room manager
to remove the primary manager's privileges.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113804 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2958
DESCRIPTION: IBM Sametime Meeting Server could allow an authenticated and
invited user of a Sametime meeting to lower any or all hands in an
e-meeting, thus spoofing the results of votes in the meeting.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113803 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2965
DESCRIPTION: IBM Sametime Meeting Server is vulnerable to cross-site request
forgery, caused by improper validation of user-supplied input. By persuading
a user to visit a malicious link, a remote attacker could force the user to
log out of Sametime.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113846 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2973
DESCRIPTION: IBM Sametime Media Services is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript
code in the Web UI, thus altering the intended functionality and potentially
leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113899 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-2979
DESCRIPTION: IBM Sametime Meeting Server is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript
code in the Web UI, thus altering the intended functionality and potentially
leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113945 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-2972
DESCRIPTION: IBM Sametime Meeting Server could store credentials of the
Sametime Meetings user in the local cache of their browser, which could be
accessed by a local user.
CVSS Base Score: 4.0
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113855 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2969
DESCRIPTION: IBM Sametime Meeting Server may send replies that contain
emails of people that should not be in these messages.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113850 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2971
DESCRIPTION: IBM Sametime Media Services can disclose sensitive information
in stack trace error logs that could aid an attacker in future attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113898 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2977
DESCRIPTION: IBM Sametime Meeting Server could allow a malicious user to
lower other users' hands in the meeting.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113937 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-4463
DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of
service, caused by a stack-based buffer overflow when parsing a deeply
nested DTD. A remote attacker could exploit this vulnerability to cause a
denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114596 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Sametime Meetings Server 9 and 8.5

Remediation/Fixes

Upgrade to Sametime 9.0.1 FP1 -
http://www.ibm.com/support/docview.wss?uid=swg22004587

Users of version 8.5 should upgrade to 9.0.1 FP1 as v8.5 will no longer be
supported after 30 September 2017.

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

August 23 2017 - Initial version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins
you should contact your local IT manager. If you do not know who that is,
please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWaS4wIx+lLeg9Ub1AQi4OQ/+NsCn161gHF9beGJDS0QGJNUco2sYwId1
VJ075g9lLpjwSQAiWxDA1WTjkDJZQh7euqbAPK+7WbTR6BhgIRRtTwhc8HFuSLMc
I7rnUmLLbjNSADeJpgjE1QlDFXnAtRgn0/pCLnZbVg/Wz1/rfTr5IwBSSRriatpb
kscnFu7JLjfLCPzM+efU5oo03LoKmP9i7NIW4maoFISFqqWZhP1cP2Er65KGKDDC
jQaN+Q999D5RNDBuTQcdTBDEGAsFPyXJ7iw8FTmh+tSWMbZYvmWKkNeACiYeNnx5
AR1k48NtuWySjjRgnmyEdsKkBarEthxMKgr1tK47fGursAcvXT2FCK7IPhLxFGim
jn9PPdL94onAC3s3gG1WVgGEsDkTBNjfoNO4ZDAalHJri/7UP8oSfI40IQmu5aWu
RvKO5d6uvOkC7H0G7PDNW9GcEUNEqOoAtx2Oydjf6E47ZQAqHCbBz1mDvT6KlRiS
6rNapYEbQG5uQDLdQmZocO8842KRQRktC4I3YXv66EoNvsHuir1IQmzSYhX21OYw
MWoFH0fEmKoA0Uw9nk/8/rUXoQPOxz9NFPwcfnpzYIzGw/EV13aP1Qbs3PZOxSgr
5u+2xaoir3GGdRnzrcaucFPRnGKIUXd+S/aZm7K+CaAcWDUUtpBVIGTnQkt+HuRM
nkLz7u99fTk=
=bVRI
-----END PGP SIGNATURE-----