IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities

Critical Nessus Plugin ID 25005


The remote web server is affected by multiple vulnerabilities.


The remote host is running IBM Tivoli Provisioning Manager for OS Deployment. The version of this software contains multiple unspecified memory corruption vulnerabilities in the HTTP server.

A remote attacker may exploit these flaws to crash the service or execute code on the remote host with the privileges of the TPM server.


Install TPM for OS Deployment FIx Pack 2.

See Also

Plugin Details

Severity: Critical

ID: 25005

File Name: ibm_tpmfosd_corruption.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Web Servers

Published: 2007/04/07

Modified: 2012/10/03

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_provisioning_manager_os_deployment

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/04/01

Vulnerability Publication Date: 2007/04/01

Exploitable With

Metasploit (IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow)

Reference Information

CVE: CVE-2007-1868

BID: 23264

OSVDB: 34678