The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Tivoli Risk Manager

computer vulnerability announcement CVE-2011-1220

Tivoli Management Framework: buffer overflow via http

Synthesis of the vulnerability

An attacker can send an HTTP request with malicious parameters, leading to a denial of service or to code execution.
Impacted products: Tivoli Risk Manager.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition, denial of service on service.
Provenance: intranet client.
Creation date: 31/05/2011.
Identifiers: 1499146, BID-48049, CERTA-2011-AVI-322, CVE-2011-1220, VIGILANCE-VUL-10697, ZDI-11-169, ZDI-CAN-964.

Description of the vulnerability

The product Tivoli Risk Manager uses Tivoli Management Framework.

A user can connect to the lcfd.exe endpoint of Tivoli Management Framework. The lcfd endpoint implements an HTTP web server on port 9495/tcp. However, if the lcfd endpoint receives an HTTP request with opts arguments longer than 256 bytes, a buffer overflow occurs.

An attacker can therefore send an HTTP request with malicious parameters, leading to a denial of service or to code execution.

computer vulnerability bulletin CVE-2005-2170

Tivoli Management Framework: denial of service

Synthesis of the vulnerability

The lcfd process of Tivoli Management Framework is vulnerable to a denial of service.
Impacted products: Tivoli Risk Manager.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/07/2005.
Identifiers: BID-14194, CVE-2005-2170, V6-TIVOLIMANAFRAME5MIN, VIGILANCE-VUL-5058.

Description of the vulnerability

The product Tivoli Risk Manager uses Tivoli Management Framework.

A user can connect to the lcfd endpoint of Tivoli Management Framework. However, if the user interrupts the session, a 5-minute timeout prevents any other connection.

A network attacker can therefore cause a denial of service on the lcfd process.