Tivoli Provisioning Manager <= 5.1.0.2 TFTP PRQ Request Remote DoS

Medium Nessus Network Monitor Plugin ID 4139

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running IBM 'Tivoli Provisioning Manager for OS Deployment'. This version of the software is vulnerable to a flaw in the way that it handles malformed TFTP requests. An attacker who is able to send malformed TFTP requests to the server can cause a crash that would affect all of the Tivoli services on the server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg24016347

Plugin Details

Severity: Medium

ID: 4139

Family: Web Servers

Published: 2007/07/18

Modified: 2016/02/05

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.1

Temporal Score: 5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.4

Temporal Score: 5.9

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-3268

BID: 24942