Title: IBM Tivoli RExec Dependency Vulnerability
Severity: HIGH
Description:
Tivoli is an enterprise-level system management solution. It is maintained and distributed by IBM.
Systems with Tivoli installed may allow remote users to execute commands locally under some circumstances. The cause is Tivoli's use of the rexec protocol, which provides unauthenticated access, during the initial install phase.
It is possible, via rexec, to execute commands on systems local to another Tivoli-managed system with the privileges of the Tivoli Management Station. If a system local to other Tivoli-managed systems is compromised and elevated privileges are gained on it, a program can be built that sends spoofed rexec commands to the other Tivoli-managed systems on which rexec is installed.
During the install and initialization phase of Tivoli, rexec is required to get the framework operational on the system. Afterwards, rexec is no longer required. However, administrative staff commonly never disable rexec once the framework is operational, which leaves systems exposed to this risk.
This vulnerability may give a remote user local access to a managed system, which could ultimately lead to elevated privileges on that system and potentially its complete compromise.
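The advisory's remediation point is that rexec should be disabled once the framework is operational. The following audit script is an added example, not part of the advisory or of Tivoli: it checks the three places a leftover rexec service shows up on a managed host (an inetd.conf "exec" line, an xinetd service file without "disable = yes", and a listener on TCP/512 in captured netstat or ss output) and reports a verdict; all file paths and sample inputs are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper, not part of the advisory or of Tivoli: flag hosts where
# rexec (inetd service "exec", TCP/512) is still enabled after the Tivoli
# framework install. All sample inputs below are constructed.

# inetd-style config: 0 if an active (uncommented) "exec ... tcp" line exists.
inetd_rexec_enabled() {
    grep -Eq '^[[:space:]]*exec[[:space:]]+stream[[:space:]]+tcp' "$1"
}

# xinetd service file: 0 unless it carries an uncommented "disable = yes".
xinetd_rexec_enabled() {
    ! grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# Captured "netstat -ltn" / "ss -ltn" text: 0 if a socket LISTENs on port 512.
rexec_listener_present() {
    grep -Eq '[:.]512[[:space:]].*LISTEN' "$1"
}

# Combine the evidence for one host; returns 0 if rexec is still exposed.
audit_rexec() {  # $1 inetd.conf, $2 xinetd rexec file, $3 netstat capture
    exposed=1
    [ -f "$1" ] && inetd_rexec_enabled "$1" && { echo "inetd: exec service active"; exposed=0; }
    [ -f "$2" ] && xinetd_rexec_enabled "$2" && { echo "xinetd: rexec not disabled"; exposed=0; }
    [ -f "$3" ] && rexec_listener_present "$3" && { echo "socket: listener on TCP/512"; exposed=0; }
    if [ "$exposed" -eq 0 ]; then echo "VERDICT: rexec still exposed; disable it"
    else echo "VERDICT: no rexec exposure found"; fi
    return "$exposed"
}

# Constructed samples: the post-install state the advisory warns about.
T=$(mktemp -d); trap 'rm -rf "$T"' EXIT
printf 'ftp   stream tcp nowait root /usr/sbin/tcpd in.ftpd\nexec  stream tcp nowait root /usr/sbin/tcpd in.rexecd\n' > "$T/inetd.enabled"
printf 'ftp   stream tcp nowait root /usr/sbin/tcpd in.ftpd\n#exec stream tcp nowait root /usr/sbin/tcpd in.rexecd\n' > "$T/inetd.disabled"
printf 'service exec\n{\n    disable = yes\n    server  = /usr/sbin/in.rexecd\n}\n' > "$T/xinetd.disabled"
printf 'tcp 0 0 0.0.0.0:512 0.0.0.0:* LISTEN\ntcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\n' > "$T/netstat.enabled"

audit_rexec "$T/inetd.enabled" "$T/xinetd.disabled" "$T/netstat.enabled" || true
```

On a real host, point the three arguments at /etc/inetd.conf, /etc/xinetd.d/rexec and the output of `netstat -ltn` or `ss -ltn` saved to a file.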
Affected Products:
- IBM Tivoli Software Distribution 4.0.0
- IBM Tivoli Software Distribution 4.1.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.