IBM Tivoli Endpoint Manager ultra-long POST Parameter Buffer Overflow Vulnerability

Release date:
Updated on:

Affected Systems:
IBM Tivoli Endpoint Manager
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48049
Cve id: CVE-2011-1220

Based on the BigFix technology, IBM Tivoli Endpoint Manager enables fast and intelligent Endpoint management.

The implementation of IBM Tivoli Endpoint Manager has the POST Query Buffer Overflow Vulnerability. Remote attackers can exploit this vulnerability to control the affected systems.

The stack buffer overflow vulnerability exists in IBM Tivoli Endpoint Manager when processing ultra-long POST query parameters. This vulnerability can be triggered when an http post request that exceeds 256 bytes is sent to lcfd.exe that monitors the tcpport 9495. This vulnerability requires authentication, but the hard-coded account tivoli/boss can be used to bypass authentication restrictions.

<* Source: Metasploit
Tenable Network Security (http://www.tenablesecurity.com /)

Link: http://www.exploit-db.com/exploits/17392/
Http://www.zerodayinitiative.com/advisories/ZDI-11-169/
Https://www-304.ibm.com/support/docview.wss? Uid = swg21499146 & wv = 1
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Metasploit () provides the following test methods:

Http://www.exploit-db.com/download/17392

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://www-304.ibm.com/support/docview.wss? Uid = swg21499146
Http://www.ers.ibm.com/