Overview
The IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service.
Description
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) is a network boot server that facilitates central management of networked workstations. IBM TPMfOSD contains a buffer overflow vulnerability within the logging functionality of the web server component. A remote, unauthenticated attacker may be able to exploit this vulnerability by sending a specially crafted HTTPS (443/TCP) request to a target machine.
Impact
A remote, unauthenticated attacker could execute arbitrary code with SYSTEM privileges or crash the server process, causing a denial of service.
Solution
Apply an Update
IBM has released Interim Fix 3 Version 5.1.0.3 to address this issue.
Acknowledgements
Thanks to iDefense Labs for reporting this vulnerability.
This document was written by John Hollenberger.
Other Information
CVE IDs: CVE-2008-0401
Severity Metric: 8.17
Date Public: 2008-01-24
Date First Published: 2008-03-06
Date Last Updated: 2008-03-06 15:36 UTC
Document Revision: 17