SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   IBM Support Assistant Vendors:   IBM
(IBM Issues Fix for IBM Support Assistant) IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code
SecurityTracker Alert ID:  1027214
SecurityTracker URL:  http://securitytracker.com/id/1027214
CVE Reference:   CVE-2012-0186, CVE-2012-0187, CVE-2012-0191   (Links to External Site)
Date:  Jun 29 2012
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1
Description:   Several vulnerabilities were reported in IBM Lotus Expeditor. A remote user can execute arbitrary code on the target system. A remote user can bypass access controls. A remote user can view files on the target system. IBM Support Assistant is affected.

A remote user can supply a specially crafted URL to exploit a flaw in the Eclipse Help component and view the locations of files [CVE-2012-0186]. The vendor has assigned SPR SAKL7QQG28 to this vulnerability.

A remote user can create a specially crafted DLL file in a directory or on a remote share (e.g., WebDAV, SMB share). When a file is loaded by the target user from the same directory, the application may load the remote user's DLL instead of the intended DLL and execute arbitrary code [CVE-2012-0187]. The code will run with the privileges of the target user. This type of exploit is also known as "binary planting" or "DLL preloading". The vendor has assigned SPR DKLN8K7TEA, RAKA89HPF2, JKAE893E7R and RAKA899QV5 to this vulnerability.

A remote user can supply a specially crafted header value to spoof a localhost request and bypass access controls [CVE-2012-0191]. The vendor has assigned SPR SAKL7QQG28 and MSTO89WRX8 to this vulnerability.
Impact:   A remote user can bypass access controls.

A remote user can view file locations on the target system.

A remote user may be able to cause a target application to execute arbitrary code on the target user's system.
Solution:   IBM has issued a fix for IBM Support Assistant (4.1.3 fixpack).

The IBM advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21599620
Cause:   Access control error, Input validation error
Underlying OS:   Linux (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 22 2012 IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code


 Source Message Contents
Date:  Fri, 29 Jun 2012 23:20:13 +0000
Subject:  IBM Support Assistant


http://www-01.ibm.com/support/docview.wss?uid=swg21599620

CVE-2012-0186
CVE-2012-0187
CVE-2012-0191


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC