IBM Tivoli Management Framework Endpoint '/addr' Remote Buffer Overflow

high Nessus Network Monitor Plugin ID 5932

Synopsis

The remote host is running a web server that is affected by a buffer overflow vulnerability.

Description

The remote host is running IBM Tivoli Endpoint, a component of Tivoli Management Framework.

Versions of IBM Tivoli Endpoint earlier than 4.1.1-LCF-0076 or 4.3.1-LCF-0012LA are potentially affected by a buffer overflow vulnerability because input to the 'opts' parameter of '/addr' is not properly validated. A remote, authenticated attacker could exploit this by sending a malicious POST request to the server, resulting in arbitrary code execution.

Solution

Upgrade to Tivoli Endpoint 4.1.1-LCF-0076 / 4.3.1-LCF-0012LA or later. Alternatively, use the workaround described in the IBM advisory.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21499146

Plugin Details

Severity: High

ID: 5932

Family: Web Servers

Published: 5/31/2011

Updated: 9/16/2018

Nessus ID: 54924

Vulnerability Information

CPE: cpe:2.3:a:ibm:tivoli_management_framework:*:*:*:*:*:*:*:*

Patch Publication Date: 5/31/2011

Vulnerability Publication Date: 5/31/2011

Exploitable With

CANVAS (White_Phosphorus)

Metasploit (IBM Tivoli Endpoint Manager POST Query Buffer Overflow)

Reference Information

CVE: CVE-2011-1220

BID: 48049

IAVA: 2011-A-0072