search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

IBM Tivoli Firewall Toolbox contains vulnerability

Vulnerability Note VU#210937

Original Release Date: 2003-03-19 | Last Revised: 2003-03-19

Overview

A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment with in the firewall system.

Description

A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been discovered. The IBM Tivoli Firewall Toolbox, according to the IBM statement, provides the underlying communication for the framework-based applications within a firewalled environment. This is an optional component, and not part of the base installation for IBM Tivoli Management Environment.

Impact

A remote unauthenticated attacker may be able to execute arbitrary code on the system running the Tivoli Firewall Toolbox. The Tivoli Firewall Toolbox typically runs as user nobody, but may be configured to run as another user.

Solution

This issue has been addressed in version 1.3 of the Tivoli Firewall Toolbox.

According to IBM's statement, downloads of version 1.3 of the IBM Tivoli Firewall Toolbox can be found at:

http://www-3.ibm.com/software/sysmgmt/products/support/IBMTivoliManagementFramework.html (Entitled Customers only)
ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_1.3 (anonymous access)

Vendor Information

210937
 
Expand all

Tivoli Systems Affected

Updated:  March 19, 2003

Status

Affected

Vendor Statement

IBM Tivoli Firewall Toolbox, version 1

IBM Tivoli FirewallToolbox, version 1.2

INTRODUCTION

Ubizen, a provider ofManaged Security Solutions, has identified a potential buffer overflow securityvulnerability with the IBM Tivoli Firewall Toolbox, version 1.2.  Thisvulnerability has been corrected in IBM Tivoli’s Firewall Toolbox, version 1.3,which is available for download through the IBM.com support site.

 

LASTUPDATE

This information iscurrent as of March 19th,2003.

 

DETAILS

The IBM Tivoli FirewallToolbox provides the underlying communication for the framework-basedapplications within a firewalled environment.  This is an optional component,and not part of the base installation for IBM Tivoli Management Environment. The vulnerability was discovered in this communication layer, and if leftunchecked, can potentially expose that system to remote access by anunauthorized user, who could exploit the vulnerability and compromise theoperation of the Tivoli environment within the firewalled environment.  

 

The updated version ofthe Tivoli Firewall Toolbox (version 1.3) remedies this potential exposure inthe product and is freely available.  Please see 𠆏ix Location’ for informationon how to obtain this latest upgrade. For further information regarding thisvulnerability, please refer to the notice at

 

http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliManagementFramework.html, and select the‘Support Flashes’ link.

 

SOLUTION

IBM Tivoli FirewallToolbox, version 1.3 corrects this exposure in the product and is freelyavailable.  IBM strongly encourages all users of IBM Tivoli Firewall Toolbox,version 1.2 to install this updated version as soon as possible to remedy thispotential vulnerability

 

Please see 𠆏ixLocation’ for information on how to obtain this latest upgrade.

 

FIXLOCATION

Download of version 1.3of the IBM Tivoli Firewall Toolbox can be found at:

http://www-3.ibm.com/software/sysmgmt/products/support/IBMTivoliManagementFramework.html (Entitled Customersonly)

 

ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_1.3 (anonymous access)

 

 

QUESTIONS

For any questions,support can be obtained through the following means:

·            Local call center

·            Create PMR through theonline support page

 

Pleaserefer to http://www-3.ibm.com/software/sysmgmt/products/support/ forinformation regarding these options.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Ubizen for discovering this vulnerability and to IBM Tivoli Systems for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: None
Severity Metric: 10.31
Date Public: 2003-03-19
Date First Published: 2003-03-19
Date Last Updated: 2003-03-19 21:39 UTC
Document Revision: -1

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis