Are You Sure About Your Instant Messaging Software Safety?

Instant messaging communication is a general and simple computer process involving PC users all over the world. It exists in peer to peer, spoken, written or gesticulated form. Today I'm going to concentrate on an instant messaging type of communication due to the fact that a vulnerability was identified in Lotus Instant Messenger. I suppose most of you know what instant messaging is. In fact, the name instant messaging can speak for itself. A potential denial-of-service vulnerability can be prompted by certain malformed Secure Sockets Layer (SSL) records which make the IBM® Global Security Toolkit (GSKIT) component fail and thus provoke the application to terminate.

I suppose that most of you really know what Instant messaging is. However, in order to know more about it, let me remind you briefly what it is. Instant messaging (IM) is a form of real-time communication between two or more people based on typed text. The text is transmitted through devices connected over a network like the Internet. Next, do you know what Web conferencing is? Web conferencing is used to organize live meetings or presentations through the Internet. In a web conference, each participant sits at his or her own computer and is connected to other participants through the Internet. This can be either a downloaded application on a computer of each of the attendees, or a web-based application where the attendees go to a URL or in other words website address, to get in the conference.

So what is IBM Lotus Sametime? According to Wikipedia, IBM Lotus Sametime is a client-server application and middleware platform that offers real-time, unified communications and collaboration for enterprises. Those capabilities involve presence information, enterprise instant messaging, web conferencing, community collaboration, and telephony capabilities and integration.

Some features of Lotus Instant Messaging might be similar to other well-known instant messaging programs on the net, for example Skype or Yahoo! Messenger. One of the files related to Skype include but are not limited to the following: SkypeIEPlugin.dll. Also, some of the files related to Yahoo! Messenger might include but are not limited to the following: YAHOOM~1.EXE and ymsgr_tray.exe.

How can attackers exploit the Lotus Instant Messaging and Web Conferencing vulnerability? The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 creates error messages for a failed logon attack with different time delays which depend on whether the user account exists. This allows remote attackers to enumerate valid usernames.M3.jpg

Sametime integrates with a wide array of software, including Lotus collaboration products, Microsoft Office productivity software which incorporates Microsoft Outlook, portal and Web applications. Some of the files related to Microsoft Office might include but are not limited to the following: bcmsqlstartupsvc.exe, mofl.dll and owc11.dll. Also, some of the files related to Microsoft Outlook include but are not limited to the following: ACCWIZ.DLL, cb5.dll, DATAACC.EXE, EFD.EXE and gapi.dll. This vulnerability only affects IBM Lotus Instant Messaging and Web Conferencing (Sametime) servers that have configured SSL connections with their LDAP server. What is the solution to this security issue? In order to fix this particular problem, customers should upgrade their version of GSKit. When and how should they upgrade GSKit? What particular version of GSKit should you upgrade to? The answer is provided below:

* Sametime 2.5 and earlier versions did not contain GSKit; so no action is not needed for these customers;
* Windows servers: GSKit version 6.0.5.41 and any higher version of 6.0.5.xx does not contain the vulnerability.

Source: http://www.pc1news.com/news/0834/are-you-using-instant-messaging.html