Lucene search
Tenable Network SecurityZDI-11-169HistoryMay 31, 2011 - 12:00 a.m.
IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability
2011-05-3100:00:00
Tenable Network Security
www.zerodayinitiative.com
19
EPSS
0.974
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Endpoint. Authentication is required to exploit this vulnerability, however it is trivially achieved. The specific flaw exists within the lcfd.exe process which listens by default on TCP port 9495. To reach this page remotely authentication is required. However, by abusing a built-in account an attacker can access the restricted pages. While parsing requests to one of these, the process blindly copies the contents of a POST variable to a 256 byte stack buffer. This can be leveraged by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
Related
cve
cve
CVE-2011-1220
2011-06-02 20:55:02
CVE-2011-2330
2011-06-02 20:55:04
securityvulns
securityvulns
IBM Tivoli Endpoint buffer overflows
2011-06-07 00:00:00
packetstorm
packetstorm
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
2011-06-12 00:00:00
nvd
nvd
CVE-2011-1220
2011-06-02 20:55:02
CVE-2011-2330
2011-06-02 20:55:04
checkpoint_advisories
checkpoint_advisories
IBM Tivoli Endpoint Manager POST Query Buffer Overflow (CVE-2011-1220)
2013-07-21 00:00:00
cvelist
cvelist
CVE-2011-1220
2011-06-02 20:00:00
CVE-2011-2330
2011-06-02 20:00:00
prion
prion
Stack overflow
2011-06-02 20:55:00
Code injection
2011-06-02 20:55:00
nessus
nessus
IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow
2011-05-31 00:00:00