Bugtraq mailing list archives
Tivoli TMF Endpoint Buffer Overflow
From: "Mark A. Rowe (PenTest)" <mark.rowe () pentest-limited com>
Date: Mon, 15 Jul 2002 16:16:27 +0100
IBM Tivoli Management Framework Buffer Overflow (Endpoint) Announcement date: 15th July 2002 Reference: ptl-2002-04 Advisory Details ---------------- Product: IBM Tivoli Management Framework Vulnerable versions: 3.6.x through 3.7.1 Vulnerability Type : Buffer Overflow Platforms: All Vendor-URL: http://www.tivoli.com Vendor-Status: Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround. Remote-Exploit: Yes Overview -------- A remote buffer overflow condition exists in the webserver (default port 9495) running on TMR Endpoints. This can result in a denial of service and execution of arbitrary code. Description ----------- An overly long GET request results in a buffer overflow, with registers being overwritten with user supplied data. This results in the TMR Endpoint Service crashing (LCFD process) and allows arbitrary code to be executed as a privileged user (SYSTEM on NT or root on Unix). The loss of the lcfd process terminates all endpoint activities. Tested on: W2K and NT4 SP6a. Fix --- Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround. Vendor status ------------- Tivoli were notified 12 April 2002. Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security /mgt-fwk-http-vul.html Credit ------ Discovered by Mark Rowe ( mark.rowe () pentest-limited com) Jeff Fay ( jeff () sdii com )
Current thread:
- Tivoli TMF Endpoint Buffer Overflow Mark A. Rowe (PenTest) (Jul 15)