IBM Tivoli Management Framework Endpoint存在缓冲溢出漏洞发布时间:2002-07-18 更新时间:2002-07-18 严重程度:中 威胁程度:远程拒绝服务 错误类型:边界检查错误 利用方式:服务器模式 BUGTRAQ ID:5235 受影响系统 IBM Tivoli Management Framework 3.6详细描述 Tivoli Management Framework在末端主机默认安装HTTP服务程序。 Tivoli Management Framework在接收到客户端提交的包含超长字符的GET命令请求,可导致产生缓冲溢出,精心构造提交的请求可以以WEB进程执行任意命令。 测试代码 无 解决方案 联系供应商采用如下补丁: IBM Tivoli Management Framework 3.6: IBM Patch Tivoli Fixpack 2 Contact IBM support to obtain this Fixpack. IBM Tivoli Management Framework 3.6.1: IBM Patch Tivoli Fixpack 2 Contact IBM support to obtain this Fixpack. IBM Tivoli Management Framework 3.7: IBM Patch Tivoli Fixpack 2 Contact IBM support to obtain this Fixpack. IBM Tivoli Management Framework 3.7.1: IBM Patch Patches 3.7.1-TMF-0066 IBM Patch Tivoli Fixpack 2 Contact IBM support to obtain this Fixpack. http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html 相关信息 Mark Rowe <mark.rowe@pentest-limited.com> 参考:http://online.securityfocus.com/advisories/4282 |
