Vulnerability Note VU#158609
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request
The IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service.
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) is a network boot server that facilitates central management of networked workstations. IBM TPMfOSD contains a buffer overflow vulnerability within the logging functionality of the web server component. A remote, unauthenticated attacker may be able to exploit this vulnerability by sending a specially crafted HTTPS (443/TCP) request to a target machine.
A remote, unauthenticated attacker could execute arbitrary code with SYSTEM privileges or crash the server process, causing a denial of service.
Apply an Update
IBM has released Interim Fix 3 Version 220.127.116.11 to address this issue.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM Corporation||Affected||-||06 Mar 2008|
CVSS Metrics (Learn More)
Thanks to iDefense Labs for reporting this vulnerability.
This document was written by John Hollenberger.
- CVE IDs: CVE-2008-0401
- Date Public: 24 Jan 2008
- Date First Published: 06 Mar 2008
- Date Last Updated: 06 Mar 2008
- Severity Metric: 8.17
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.