search menu icon-carat-right cmu-wordmark

CERT Coordination Center

IBM Tivoli Firewall Toolbox contains vulnerability

Vulnerability Note VU#210937

Original Release Date: 2003-03-19 | Last Revised: 2003-03-19


A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment with in the firewall system.


A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been discovered. The IBM Tivoli Firewall Toolbox, according to the IBM statement, provides the underlying communication for the framework-based applications within a firewalled environment. This is an optional component, and not part of the base installation for IBM Tivoli Management Environment.


A remote unauthenticated attacker may be able to execute arbitrary code on the system running the Tivoli Firewall Toolbox. The Tivoli Firewall Toolbox typically runs as user nobody, but may be configured to run as another user.


This issue has been addressed in version 1.3 of the Tivoli Firewall Toolbox.

According to IBM's statement, downloads of version 1.3 of the IBM Tivoli Firewall Toolbox can be found at: (Entitled Customers only) (anonymous access)

Vendor Information


Tivoli Systems Affected

Updated:  March 19, 2003



Vendor Statement

IBM Tivoli Firewall Toolbox, version 1

IBM Tivoli FirewallToolbox, version 1.2


Ubizen, a provider ofManaged Security Solutions, has identified a potential buffer overflow securityvulnerability with the IBM Tivoli Firewall Toolbox, version 1.2.  Thisvulnerability has been corrected in IBM Tivoli’s Firewall Toolbox, version 1.3,which is available for download through the support site.



This information iscurrent as of March 19th,2003.



The IBM Tivoli FirewallToolbox provides the underlying communication for the framework-basedapplications within a firewalled environment.  This is an optional component,and not part of the base installation for IBM Tivoli Management Environment. The vulnerability was discovered in this communication layer, and if leftunchecked, can potentially expose that system to remote access by anunauthorized user, who could exploit the vulnerability and compromise theoperation of the Tivoli environment within the firewalled environment.  


The updated version ofthe Tivoli Firewall Toolbox (version 1.3) remedies this potential exposure inthe product and is freely available.  Please see 𠆏ix Location’ for informationon how to obtain this latest upgrade. For further information regarding thisvulnerability, please refer to the notice at, and select the‘Support Flashes’ link.



IBM Tivoli FirewallToolbox, version 1.3 corrects this exposure in the product and is freelyavailable.  IBM strongly encourages all users of IBM Tivoli Firewall Toolbox,version 1.2 to install this updated version as soon as possible to remedy thispotential vulnerability


Please see 𠆏ixLocation’ for information on how to obtain this latest upgrade.



Download of version 1.3of the IBM Tivoli Firewall Toolbox can be found at: (Entitled Customersonly) (anonymous access)




For any questions,support can be obtained through the following means:

·            Local call center

·            Create PMR through theonline support page


Pleaserefer to forinformation regarding these options.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Ubizen for discovering this vulnerability and to IBM Tivoli Systems for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: None
Severity Metric: 10.31
Date Public: 2003-03-19
Date First Published: 2003-03-19
Date Last Updated: 2003-03-19 21:39 UTC
Document Revision: -1

Sponsored by CISA.