Pentest Security Advisory : PTL-2002-04
IBM Tivoli Management Framework Buffer Overflow (Endpoint)

Advisory Details:

Author: Mark Rowe
Announcement Date: 15th July 2002
Reference: ptl-2002-04
Product: IBM Tivoli Management Framework
Vulnerable versions: 3.6.x through 3.7.1
Vulnerability Type : Buffer Overflow
Platforms: All
Vendor-URL: http://www.tivoli.com
Vendor-Status: Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround.
Remote-Exploit: Yes

Overview:

A remote buffer overflow condition exists in the webserver (default port 9495) running on TMR Endpoints. This can result in a denial of service and execution of arbitrary code.

Description:

An overly long GET request results in a buffer overflow, with registers being overwritten with user supplied data.

This results in the TMR Endpoint Service crashing (LCFD process) and allows arbitrary code to be executed as a privileged user (SYSTEM on NT or root on Unix). The loss of the lcfd process terminates all endpoint activities.

Tested on: W2K and NT4 SP6a.

Fix:

Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or apply workaround.

Vendor status:

Tivoli were notified 12 April 2002.

Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html

Credit:


Discovered by
Mark Rowe
Jeff Fay (jeff at sdii.com)

arrow morePTL-2002-05

PTL-2002-03arrow more

Security Services

Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.

read more arrow more

Database Services

Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.

read more arrow more

© Copyright Pentest Limited 2001 - 2016 All Rights Reserved. Privacy statement