[VulnWatch] [Vulnwatch] Tivoli TMF Endpoint Buffer OverflowFrom: Mark A. Rowe (PenTest) (firstname.lastname@example.org)
- Previous message: Ulf Harnhammar: "[VulnWatch] Double Choco Latte multiple vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Jul 2002 16:18:02 +0100 To: email@example.com From: "Mark A. Rowe (PenTest)" <firstname.lastname@example.org>
IBM Tivoli Management Framework Buffer Overflow (Endpoint)
Announcement date: 15th July 2002
Product: IBM Tivoli Management Framework
Vulnerable versions: 3.6.x through 3.7.1
Vulnerability Type : Buffer Overflow
Vendor-Status: Apply latest Fixpack (Currently Fixpack 2 or Patches
3.7.1-TMF-0066), or apply workaround.
A remote buffer overflow condition exists in the webserver (default port
9495) running on TMR Endpoints. This can result in a denial of service
and execution of arbitrary code.
An overly long GET request results in a buffer overflow, with registers
being overwritten with user supplied data.
This results in the TMR Endpoint Service crashing (LCFD process) and
allows arbitrary code to be executed as a privileged user (SYSTEM on NT
or root on Unix). The loss of the lcfd process terminates all endpoint
Tested on: W2K and NT4 SP6a.
Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround.
Vendor status -------------
Tivoli were notified 12 April 2002.
Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security /mgt-fwk-http-vul.html