IBM Fixes Flaw in Tivoli Provisioning Manager
April 4, 2007Remote exploitation could allow attackers to crash the service or execute malicious code with SYSTEM privileges.
IBM has patched multiple flaws in its Tivoli Provisioning Manager for OS Deployment that allowed attackers to crash the service or execute arbitrary code with SYSTEM priviledges.
Tivoli Provisioning Manager for OS Deployment is a network boot server that facilitates central management of networked workstations, implements PXE (Pre-boot Execution Environment) as well as a Web-based administration service.
The vulnerabilities exist in the handling of multi-part/form-data HTTP POST requests, according to an advisory by Sterling, Va.-based iDefense Labs. Malformed requests can cause invalid memory accesses, leading to denial of service or possibly heap corruption.
"No authentication is required to access the vulnerable code," according to the iDefense Labs advisory. "The attacker need only be able to send a specially crafted request to the HTTP (8080) or HTTP-SSL (443) port of the management service. It should be noted that this service can be run with reduced privileges. iDefense recommends running this service with the least amount of privileges possible."
IBM has addressed these vulnerabilities within Tivoli Provisioning Manager for OS Deployment 5.1 Fix Pack 2. The vulnerabilities are known to exist within version 5.1.0.116 of Tivoli Provisioning Manager for OS Deployment, and older versions may be affected as well. Employing firewalls to limit access to the affected service will mitigate exposure to these vulnerabilities, iDefense stated in the advisory.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (31) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (3) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (1) |
0
-
A way to send and receive wireless data
5 hours ago
-
Tabletop Cold Fusion Reactor
6 hours ago
-
Calling function with no input argument
Feb 10, 2012
-
Force free body diagram problem on gym equipment
Feb 10, 2012
-
Empirical data regarding shower heads and water
Feb 10, 2012
-
feed hold button on CNC lathe
Feb 09, 2012
- More from Physics Forums - General Engineering
More news stories
Walney offshore wind farm is world's biggest (for now)
(PhysOrg.com) -- The Walney wind farm on the Irish Sea--characterized by high tides, waves and windy weather--officially opened this week. The farm is treated in the press as a very big deal as the Walney ...
Technology / Energy & Green Tech
7 hours ago |
3.4 / 5 (7) |
20
|
GPS court ruling leaves US phone tracking unclear
A US Supreme Court decision requiring a warrant to place a GPS device on the car of a criminal suspect leaves unresolved the bigger issue of police tracking using mobile phones, legal experts say.
8 hours ago |
4 / 5 (2) |
0
Netflix settlement trims 14 pct off 4Q earnings
(AP) -- Netflix pressed the rewind button on its fourth-quarter earnings after settling allegations that the video subscription service violated a consumer-privacy law.
8 hours ago |
not rated yet |
0
Europeans protest controversial Internet pact
Tens of thousands of people marched in protests in more than a dozen European cities Saturday against a controversial anti-online piracy pact that critics say could curtail Internet freedom.
4 hours ago |
5 / 5 (2) |
0
Google users warned of threat to smartphone wallets
Users of Google smartphone wallets were being warned on Friday that there is a way to crack pass codes intended to thwart thieves from going on illicit shopping sprees.
23 hours ago |
5 / 5 (4) |
0
Study finds that anti-diabetic medication can prevent the long-term effects of maternal obesity
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that show that short therapy with the anti-diabetic medication ...
Europe stakes billion-dollar bet on new rocket
A pencil-slim rocket is scheduled to lift into space from South America on Monday, carrying a billion-dollar bet that Europe can grab a juicy slice of the market to place satellites in low orbit.
Steroid injections prove effective in treatment of lumbar disc herniations
The use of epidural steroid injections may be a more efficient treatment option for lumbar disc herniations, according to research presented today at the American Orthopaedic Society for Sports Medicine's Specialty Day in ...
Amateur football players not always keen on returning to play after ACL injuries
Despite the known success rates of reconstructive Anterior Cruciate Ligament (ACL) surgery, the number of high school and collegiate football players returning to play may not be as high as anticipated, say researchers presenting ...
Study finds elevated levels of cell-free DNA in first trimester do not predict preeclampsia
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that indicate that elevated levels of cell-free DNA in ...
PRP treatment aids healing of elbow injuries say researchers
As elbow injuries continue to rise, especially in pitchers, procedures to help treat and get players back in the game quickly have been difficult to come by. However, a newer treatment called platelet rich plasma (PRP) may ...
