IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities

critical Nessus Plugin ID 25005

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote host is running IBM Tivoli Provisioning Manager for OS Deployment. The version of this software contains multiple unspecified memory corruption vulnerabilities in the HTTP server.

A remote attacker may exploit these flaws to crash the service or execute code on the remote host with the privileges of the TPM server.

Solution

Install TPM for OS Deployment FIx Pack 2.

See Also

http://www.nessus.org/u?c482fc38

Plugin Details

Severity: Critical

ID: 25005

File Name: ibm_tpmfosd_corruption.nasl

Version: 1.15

Type: remote

Family: Web Servers

Published: 4/7/2007

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_provisioning_manager_os_deployment

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/1/2007

Vulnerability Publication Date: 4/1/2007

Exploitable With

Metasploit (IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow)

Reference Information

CVE: CVE-2007-1868

BID: 23264