Pentest Security Advisory : PTL-2002-05
IBM Tivoli Management Framework Buffer Overflow (ManagedNode)
Author: Mark Rowe
Announcement Date: 15th July 2002
Product: IBM Tivoli Management Framework
Vulnerable versions: 3.6.x through 3.7.1
Vulnerability Type : Buffer Overflow
Vendor-Status: A fix is forthcoming in Version 4.1. A workaround is available for earlier versions.
A remote buffer overflow condition exists in the webserver (default port 94 but redirects to another port) running on TMR ManagedNodes. This results in a denial of service and the possibility of arbitrary code execution.
An overly long GET request results in a buffer overflow, with registers being overwritten with user supplied data.
This results in the TMR ManagedNode HTTPd daemon crashing (Spider process) and allows arbitrary code to be executed as a privileged user (SYSTEM on NT or root on Unix). The loss of the spider process will prevent all http requests to that ManagedNode, but does not impact all other Framework or application functions.
Tested on: Solaris8 (Sparc)
Tivoli were notified 12 April 2002.
Vendor has released a security alert with details of patches and workarounds. See http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
Jeff Fay (jeff at sdii.com)
Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.
Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.