{"vuid":"VU#158609","idnumber":"158609","name":"IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request","keywords":["IBM","Tivoli","TPMfOSD","buffer overflow","denial of service","DoS","arbitrary code execution","HTTP request"],"overview":"The IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service.","clean_desc":"IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) is a network boot server that facilitates central management of networked workstations. IBM TPMfOSD contains a buffer overflow vulnerability within the logging functionality of the web server component. A remote, unauthenticated attacker may be able to exploit this vulnerability by sending a specially crafted HTTPS (443/TCP) request to a target machine.","impact":"A remote, unauthenticated attacker could execute arbitrary code with SYSTEM privileges or crash the server process, causing a denial of service.","resolution":"Apply an Update\nIBM has released Interim Fix 3 Version 5.1.0.3 to address this issue.","workarounds":"Block or Restrict Access Block or restrict access to the web server component from untrusted hosts and networks.","sysaffected":"","thanks":"Thanks to iDefense Labs for reporting this vulnerability.","author":"This document was written by John Hollenberger.","public":["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647","http://www-1.ibm.com/support/docview.wss?uid=swg24018010","http://securitytracker.com/alerts/2008/Jan/1019249.html","http://www.securityfocus.com/bid/27387","http://secunia.com/advisories/28604"],"cveids":["CVE-2008-0401"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-01-24T19:45:29Z","publicdate":"2008-01-24T00:00:00Z","datefirstpublished":"2008-03-06T15:35:30Z","dateupdated":"2008-03-06T15:36:16Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"11","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"18","cam_scorecurrent":"8.1675","cam_scorecurrentwidelyknown":"22.275","cam_scorecurrentwidelyknownexploited":"37.125","ipprotocol":"TCP","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.1675,"vulnote":null}