In association with heise online

23 April 2007, 09:51

Security update for IBM Tivoli

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM has fixed a vulnerability in its Tivoli management solution which could be exploited by an attacker to gain control of a system remotely. Exploitation of this vulnerability merely required an attacker to send packets containing overlong strings to the Tivoli Universal Agent Primary Service (TCP port 10110), the Monitoring Agent for Windows (TCP port 6014) or the Tivoli Enterprise Portal Server (TCP port 14206), causing a heap overflow in the kde.dll function. According to the Zero Day Initiative, this could be exploited to inject and execute code. IBM Tivoli Monitoring Express 6.1 under Windows HP-UX, Solaris, Linux and AIX, which is found in the solutions cited, is affected. A fix pack fixes the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit