|
IBM Tivoli Provisioning Manager for OS Deployment HTTP Request Handling Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA24717
|
|
|
Release Date:
|
2007-04-03
|
|
Last Update:
|
2007-05-03
|
|
Popularity:
|
4,756 views
|
|
|
Critical:
|
 Moderately critical
|
|
Impact:
|
DoS System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM Tivoli Provisioning Manager for OS Deployment 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-1868
|
|
Description: Some vulnerabilities have been reported in IBM Tivoli Provisioning Manager for OS Deployment, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
1) Errors within the management service when handling multipart/form-data in HTTP POST requests can be exploited to crash the service or cause a heap corruption via specially crafted HTTP POST requests to ports 443/TCP and 8080/TCP of the management service.
2) Boundary errors within the rembo.exe service when processing HTTP requests can be exploited to cause stack-based buffer overflows via specially crafted requests with an overly long (greater than 150 bytes) filename, Host, or Authorization field sent to default port 8080/TCP.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are reported in version 5.1.0.116. Other versions may also be affected.
Solution: Apply fix pack 5.1.0-TIV-TPMOSD-IF0002.
http://www-1.ibm.com/support/docview.wss?uid=swg24015664
Provided and/or discovered by: 1) Discovered by an anonymous person and reported via iDefense Labs.
2) Aaron Portnoy, TippingPoint Security Research Team
Changelog: 2007-04-12: Added CVE reference.
2007-05-03: Updated advisory based on information from TippingPoint Security Research Team. Updated "Solution" section.
Original Advisory: iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=498
TippingPoint Security Research Team:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-05
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|