IBM Tivoli Management Framework Endpoint '/addr' Remote Buffer Overflow

High Nessus Network Monitor Plugin ID 5932

Synopsis

The remote host is running a web server that is affected by a buffer overflow vulnerability.

Description

The remote host is running IBM Tivoli Endpoint, a component of Tivoli Management Framework.

Versions of IBM Tivoli Endpoint earlier than 4.1.1-LCF-0076 or 4.3.1-LCF-0012LA are potentially affected by a buffer overflow vulnerability because input to the 'opts' parameter of '/addr' is not properly validated. A remote, authenticated attacker could exploit this by sending a malicious POST request to the server, resulting in arbitrary code execution.

Solution

Upgrade to Tivoli Endpoint 4.1.1-LCF-0076 / 4.3.1-LCF-0012LA or later. Alternatively, use the workaround described in the IBM advisory.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21499146

Plugin Details

Severity: High

ID: 5932

Family: Web Servers

Published: 2011/05/31

Modified: 2018/09/16

Dependencies: 1442

Nessus ID: 54924

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_management_framework

Patch Publication Date: 2011/05/31

Vulnerability Publication Date: 2011/05/31

Exploitable With

CANVAS (White_Phosphorus)

Metasploit (IBM Tivoli Endpoint Manager POST Query Buffer Overflow)

Reference Information

CVE: CVE-2011-1220

BID: 48049

IAVA: 2011-A-0072