[SA15953] IBM Tivoli Management Framework Endpoint Denial of Service

Type securityvulns
Reporter Securityvulns
Modified 2005-07-09T00:00:00



TITLE: IBM Tivoli Management Framework Endpoint Denial of Service


VERIFY ADVISORY: http://secunia.com/advisories/15953/

CRITICAL: Less critical


WHERE: From local network

SOFTWARE: IBM Tivoli Management Framework 4.x http://secunia.com/product/2866/

DESCRIPTION: NISCC has reported a vulnerability in the "lcfd" process of IBM Tivoli Management Framework Endpoint, which can potentially be exploited to cause a DoS (Denial of Service).

The vulnerability is caused by the endpoint waiting for 5 minutes before it can accept any new connections after a connection has been made to the endpoint and then dropped. During that time the "lcfd" process is unresponsive.

The vulnerability has been reported in version 4.1.1, endpoint version 41015.
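For unpatched endpoints, the following added example (not part of the Secunia or IBM advisory) shows one way to estimate outage windows from connection records and flag a source that keeps re-triggering the 5-minute hang. The record layout, the endpoint name `ep-01`, the "zero payload means dropped" rule, and the `slack` and `min_hangs` thresholds are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

HANG = timedelta(minutes=5)  # unresponsive period stated in the advisory

# Constructed flow records: (time connection was dropped, source, endpoint, payload bytes)
FLOWS = [
    ("2005-07-09T10:00:00", "10.0.0.7", "ep-01", 0),
    ("2005-07-09T10:05:02", "10.0.0.7", "ep-01", 0),
    ("2005-07-09T10:10:03", "10.0.0.7", "ep-01", 0),
    ("2005-07-09T10:40:00", "10.0.0.2", "ep-01", 4096),  # normal traffic with payload
    ("2005-07-09T11:30:00", "10.0.0.9", "ep-01", 0),
]

def dropped(flows, endpoint):
    """Connections to `endpoint` closed without payload (assumed meaning of 'dropped')."""
    rows = [(datetime.fromisoformat(t), src) for t, src, ep, n in flows
            if ep == endpoint and n == 0]
    return sorted(rows)

def hang_windows(flows, endpoint, slack=timedelta(seconds=10)):
    """Merge back-to-back 5-minute hangs into continuous outage windows."""
    windows = []
    for t, src in dropped(flows, endpoint):
        if windows and t <= windows[-1]["end"] + slack:
            # A new drop right as the previous hang expires extends the outage.
            windows[-1]["end"] = t + HANG
            windows[-1]["sources"][src] += 1
        else:
            windows.append({"start": t, "end": t + HANG, "sources": Counter({src: 1})})
    return windows

def sustained(flows, endpoint, min_hangs=3):
    """Windows in which a single source triggered the hang at least `min_hangs` times."""
    return [w for w in hang_windows(flows, endpoint)
            if max(w["sources"].values()) >= min_hangs]

if __name__ == "__main__":
    for w in sustained(FLOWS, "ep-01"):
        print(w["start"], "to", w["end"], dict(w["sources"]))
```
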

SOLUTION: Apply the latest LCF Patch (4.1.1-LCF-0020) http://www-1.ibm.com/support/docview.wss?uid=swg24009815

PROVIDED AND/OR DISCOVERED BY: NISCC (National Infrastructure Security Coordination Centre)

ORIGINAL ADVISORY: http://www-1.ibm.com/support/docview.wss?uid=swg21210334

About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
