OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mark A. Rowe (PenTest) (mark.rowe_at_pentest-limited.com)
Date: Mon Jul 15 2002 - 10:21:33 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    IBM Tivoli Management Framework Buffer Overflow (ManagedNode)

     
    Announcement date: 15th July 2002
    Reference: ptl-2002-05

    Advisory Details
    ----------------

    Product: IBM Tivoli Management Framework
    Vulnerable versions: 3.6.x through 3.7.1
    Vulnerability Type : Buffer Overflow
    Platforms: All
    Vendor-URL: http://www.tivoli.com
    Vendor-Status: A fix is forthcoming in Version 4.1. A workaround is
    available for earlier versions.
    Remote-Exploit: Yes

    Overview
    --------

    A remote buffer overflow condition exists in the webserver (default port
    94 but redirects to another port) running on TMR ManagedNodes. This
    results in a denial of service and the possibility of arbitrary code
    execution.

    Description
    -----------

    An overly long GET request results in a buffer overflow, with registers
    being overwritten with user supplied data.

    This results in the TMR ManagedNode HTTPd daemon crashing (Spider
    process) and allows arbitrary code to be executed as a privileged user
    (SYSTEM on NT or root on Unix). The loss of the spider process will
    prevent all http requests to that ManagedNode, but does not impact all
    other Framework or application functions.

    Tested on: Solaris8 (Sparc).

    Fix

    ---
    

    Apply workaround.

    Vendor status -------------

    Tivoli were notified 12 April 2002.

    Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security /mgt-fwk-http-vul.html

    Credit ------

    Discovered by Mark Rowe ( mark.rowepentest-limited.com) Jeff Fay ( jeffsdii.com )