IBM Tivoli Provisioning Manager for OS Deployment TFTPD Malformed PRQ Request DoS
Medium Nessus Plugin ID 25738
SynopsisA service on the remote host is prone to a denial of service attack.
DescriptionThe remote host is running IBM Tivoli Provisioning Manager for OS Deployment, for remote deployment and management of operating systems.
The TFTPD component of the version of this software installed on the remote host does not handle read requests with an invalid 'blksize' argument. An unauthenticated attacker can leverage this issue to trigger a divide-by-zero error and cause the 'rembo.exe' service to exit.
SolutionUpgrade to Tivoli Provisioning Manager for OS Deployment, Fix Pack 3 (version 188.8.131.52) or later.