SAINT Corporation
SAINT:757651AE042F37667D632BEA16D6F562
Jan 28, 2008 - 12:00 a.m.

Tivoli Provisioning Manager for OS Deployment HTTP server buffer overflow

2008-01-28 00:00:00
SAINT Corporation
my.saintcorporation.com
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.849 High
Percentile: 98.4%

Added: 01/28/2008
CVE: CVE-2008-0401
BID: 27387
OSVDB: 40481

Background

Tivoli Provisioning Manager for OS Deployment is a product which facilitates remote operating system installation and management.

Problem

A buffer overflow vulnerability in the HTTP server bundled with Tivoli Provisioning Manager for OS Deployment allows remote attackers to execute arbitrary commands by sending a request for a long, specially crafted URL.

Resolution

Apply Interim Fix 3, Version 5.1.0.3.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647>

Limitations

Exploit works on Tivoli Provisioning Manager for OS Deployment 5.1.0.2.

Exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows 2000
Windows Server 2003
