From: Mark A. Rowe (PenTest) (mark.rowe_at_pentest-limited.com)
Date: Mon Jul 15 2002 - 10:18:02 CDT

    IBM Tivoli Management Framework Buffer Overflow (Endpoint)

     
    Announcement date: 15th July 2002
    Reference: ptl-2002-04

    Advisory Details
    ----------------

    Product: IBM Tivoli Management Framework
    Vulnerable versions: 3.6.x through 3.7.1
    Vulnerability Type : Buffer Overflow
    Platforms: All
    Vendor-URL: http://www.tivoli.com
    Vendor-Status: Apply latest Fixpack (Currently Fixpack 2 or Patches
    3.7.1-TMF-0066), or apply workaround.
    Remote-Exploit: Yes

    Overview
    --------

    A remote buffer overflow condition exists in the webserver (default port
    9495) running on TMR Endpoints. This can result in a denial of service
    and execution of arbitrary code.

    Description
    -----------

    An overly long GET request results in a buffer overflow, with registers
    being overwritten with user supplied data.

    This results in the TMR Endpoint Service crashing (LCFD process) and
    allows arbitrary code to be executed as a privileged user (SYSTEM on NT
    or root on Unix). The loss of the lcfd process terminates all endpoint
    activities.

    Tested on: W2K and NT4 SP6a.

    Fix
    ---

    Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround.

    Vendor status
    -------------

    Tivoli were notified 12 April 2002.

    Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html

    Credit
    ------

    Discovered by Mark Rowe (mark.rowe_at_pentest-limited.com)
    Jeff Fay (jeffsdii.com)
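
An added example, not part of the original advisory or any vendor code: a defender-side check for the condition in the Description, flagging oversized GET request lines sent to the endpoint web port 9495. The 2048-byte limit, the function names and the sample flows are assumptions constructed for illustration; the advisory does not state a length.

```python
# Added example: flag oversized HTTP GET request lines sent to the
# Tivoli endpoint web server port named in the advisory.
ENDPOINT_PORT = 9495       # default endpoint web server port (from the advisory)
MAX_REQUEST_LINE = 2048    # assumed policy limit; the advisory gives no length


def check_request(dst_port, payload, limit=MAX_REQUEST_LINE):
    """Classify the first bytes of a TCP stream.

    Returns (verdict, request_line_length) where verdict is
    'ignore' (other port or not a GET), 'ok' or 'oversized'.
    """
    if dst_port != ENDPOINT_PORT or not payload.startswith(b"GET "):
        return ("ignore", 0)
    end = payload.find(b"\n")
    # No line terminator captured yet: the request line is at least as long
    # as the data seen so far, so measure everything that was captured.
    line = payload if end == -1 else payload[:end].rstrip(b"\r")
    verdict = "oversized" if len(line) > limit else "ok"
    return (verdict, len(line))


# Constructed sample flows: (source address, destination port, first payload bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", 9495, b"GET / HTTP/1.0\r\n\r\n"),
    ("10.0.0.9", 9495, b"GET /" + b"A" * 5000 + b" HTTP/1.0\r\n\r\n"),
    ("10.0.0.9", 9495, b"GET /" + b"B" * 3000),            # unterminated line
    ("10.0.0.7", 80, b"GET /" + b"C" * 5000 + b" HTTP/1.0\r\n\r\n"),
    ("10.0.0.8", 9495, b"POST /x HTTP/1.0\r\n\r\n"),
]


def scan(flows, limit=MAX_REQUEST_LINE):
    """Return (source, port, length) for every oversized GET to the endpoint port."""
    alerts = []
    for src, port, payload in flows:
        verdict, length = check_request(port, payload, limit)
        if verdict == "oversized":
            alerts.append((src, port, length))
    return alerts


if __name__ == "__main__":
    for src, port, length in scan(SAMPLE_FLOWS):
        print(f"ALERT {src} -> :{port} GET request line of {length} bytes")
```

A check like this only points at hosts that need attention; the remedy remains the Fixpack, patch or workaround listed under Fix.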