Overview
IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative.
Description
IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Director Systems, specifically the CIM Server, a thread is created that listens on a port, waiting for a specific response from the client. If the client does not send the expected response, the thread remains in memory, listening and showing high CPU utilization, until the client connects to it. If multiple rogue clients connect simultaneously, the finite number of connections can be exhausted, causing the server to crash.
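The following is an added illustration, not code from this note or from IBM: a toy model of the slot exhaustion described above, comparing a server that waits indefinitely for the client's response with one that reclaims slots after a handshake deadline. The class and function names, the slot count, the rates and the deadline are all assumptions, and the deadline is a generic hardening measure, not a description of the vendor's update.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class HandshakeServer:
    """Toy model: each accepted connection holds one slot until the client replies."""
    max_slots: int
    deadline: Optional[float] = None             # seconds to wait; None = wait forever
    pending: dict = field(default_factory=dict)  # conn_id -> time accepted

    def reap(self, now: float) -> None:
        """Free slots whose client has not answered within the deadline."""
        if self.deadline is None:
            return
        for conn_id in [c for c, t0 in self.pending.items() if now - t0 >= self.deadline]:
            del self.pending[conn_id]

    def accept(self, conn_id: str, now: float) -> bool:
        self.reap(now)
        if len(self.pending) >= self.max_slots:
            return False                         # connection pool exhausted
        self.pending[conn_id] = now
        return True

    def complete(self, conn_id: str) -> None:
        """Client sent the expected response; its slot is released."""
        self.pending.pop(conn_id, None)

def simulate(deadline, slots=8, stalled_per_sec=4, seconds=10):
    """Constructed workload: silent clients plus one well-behaved client per second.
    Returns (well_behaved_served, well_behaved_refused)."""
    srv = HandshakeServer(slots, deadline)
    served = refused = 0
    for t in range(seconds):
        for i in range(stalled_per_sec):         # these never send the response
            srv.accept(f"stalled-{t}-{i}", float(t))
        conn_id = f"ok-{t}"
        if srv.accept(conn_id, t + 0.5):
            srv.complete(conn_id)
            served += 1
        else:
            refused += 1
    return served, refused

if __name__ == "__main__":
    print("no deadline:", simulate(None))
    print("1 s deadline:", simulate(1.0))
```

In this model a deadline only helps when it is short relative to the slot count and the arrival rate of silent clients; a 3-second deadline with the same workload still leaves the pool full.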
Impact
IBM Director Systems will become inaccessible for management.
Solution
Apply an update.
Acknowledgements
Thanks to IBM for reporting this vulnerability, who in turn credit Juniper Networks.
This document was written by Will Dormann.
Other Information
CVE IDs: CVE-2007-5612
Severity Metric: 0.91
Date Public: 2007-11-20
Date First Published: 2007-11-20
Date Last Updated: 2007-11-20 21:19 UTC
Document Revision: 5