Security update for IBM Tivoli
IBM has fixed a vulnerability in its Tivoli management solution that an attacker could exploit to gain control of a system remotely. To exploit it, an attacker merely had to send packets containing overlong strings to the Tivoli Universal Agent Primary Service (TCP port 10110), the Monitoring Agent for Windows (TCP port 6014) or the Tivoli Enterprise Portal Server (TCP port 14206), causing a heap overflow in a function in kde.dll. According to the Zero Day Initiative, this could be exploited to inject and execute code. IBM Tivoli Monitoring Express 6.1, which is found in the solutions cited, is affected under Windows, HP-UX, Solaris, Linux and AIX. A fix pack fixes the problem.
- IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vulnerability, security advisory from ZDI