Check: 2011-A-0072
windows 7 iavm:
2011-A-0072
(in version v1 r32)
Title
IBM Tivoli Management Framework Remote Code Execution Vulnerability (Cat I impact)
Discussion
IBM has addressed a remote code execution vulnerability in the IBM Tivoli Management Framework. IBM Tivoli Management Framework is the foundation for a suite of management applications that facilitates enterprise network and system management. To exploit this vulnerability, a remote attacker would send a malicious request to a vulnerable IBM Tivoli Endpoint. If successfully exploited, this vulnerability would allow an attacker to compromise affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD-related incidents.

IBM Tivoli Endpoint Buffer Overflow Vulnerability (CVE-2011-1220): Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field. The specific flaw exists within the lcfd.exe process, which listens by default on TCP port 9495. To reach this page remotely, authentication is required. However, by abusing a built-in account, an attacker can access the restricted pages. While parsing requests to one of these pages, the process blindly copies the contents of a POST variable to a 256-byte stack buffer. This can be leveraged by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
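The defect class described above is an unbounded copy of a request field into a fixed 256-byte buffer. The following added example (not IBM's code and not part of the IAVM notice) shows the length check that prevents it; the function names, the return codes and the URL-encoded body layout are assumptions made for illustration, and percent-decoding is left out.

```c
#include <stdio.h>
#include <string.h>

#define OPTS_BUF_LEN 256   /* buffer size stated in the advisory text */

/* Hypothetical helper: find "name=" at the start of a key/value pair in a
 * form-encoded body. Returns the value and stores its length (up to '&'
 * or end of body), or returns NULL when the field is absent. */
static const char *find_field(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            *len = strcspn(v, "&");
            return v;
        }
        p = strchr(p, '&');          /* advance to the next pair */
        if (p) p++;
    }
    return NULL;
}

/* Unsafe pattern from the advisory: strcpy(buf, value) with no length check.
 * Hardened form: 0 on success, -1 if "opts" is missing, -2 if the value
 * does not fit in dst, in which case the request should be rejected. */
int copy_opts(const char *body, char *dst, size_t dst_len)
{
    size_t len;
    const char *v = find_field(body, "opts", &len);
    if (v == NULL) return -1;
    if (len >= dst_len) return -2;   /* keep room for the terminator */
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[OPTS_BUF_LEN];
    char big[400] = "opts=";         /* constructed oversized request body */
    memset(big + 5, 'A', 300);
    printf("short field: %d\n", copy_opts("page=1&opts=-v", buf, sizeof buf));
    printf("long field:  %d\n", copy_opts(big, buf, sizeof buf));
    return 0;
}
```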
Check Content
See IAVM notice and vendor bulletin for additional information.

Vulnerable Applications/Systems:
- IBM Tivoli Management Framework 3.7.1
- IBM Tivoli Management Framework 4.1
- IBM Tivoli Management Framework 4.1.1
- IBM Tivoli Management Framework 4.3.1

Check the application's version number by using the commands: wep or wepstatus

Update to a supported version of IBM Tivoli Management Framework and apply appropriate patches.

Note: System administrators should refer to the IBM Security Advisory to determine affected applications/systems and appropriate fix actions.
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-28308
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |