Tivoli Provisioning Manager <= 5.1.0.2 TFTP PRQ Request Remote DoS

medium Nessus Network Monitor Plugin ID 4139

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running IBM 'Tivoli Provisioning Manager for OS Deployment'. This version of the software is vulnerable to a flaw in the way that it handles malformed TFTP requests. An attacker who is able to send malformed TFTP requests to the server can exploit this flaw to cause a crash that would affect all of the Tivoli services on the server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg24016347

Plugin Details

Severity: Medium

ID: 4139

Family: Web Servers

Published: 7/18/2007

Updated: 3/6/2019

Nessus ID: 25738

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_provisioning_manager_os_deployment

Reference Information

CVE: CVE-2007-3268

BID: 24942