Title: IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities
Severity: CRITICAL
Description:
IBM Tivoli Provisioning Manager for OS Deployment is a network boot-server used to manage networked workstations.
The software is prone to multiple stack-based buffer-overflows because it fails to bounds-check user-supplied input.
These issues occur when handling multipart or form-data HTTP POST requests. The vulnerability resides in the 'rembo.exe' service listening on port TCP 8080. Multiple components of the HTTP request are vulnerable to this issue, including the Host, Filename, and Authorization fields. As an example, if an attacker crafts a request containing a filename field with more than 150 bytes, the vulnerability is triggered.
An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges or to crash services. Successful attacks may result in the complete compromise of affected computers.
IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.116 is vulnerable; other versions may also be affected.
Affected Products:
- IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.116
References:
- IBM: IBM Tivoli Provisioning Manager Express Homepage
- IBM: Tivoli Provisioning Manager for OS Deployment Fix Pack 5.1.0-TIV-TPMOSD-FP0002
- iDefense Labs: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
