IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

ID: IRCAD2012031762
Release Date: 2012-03-02
Criticality level: Highly critical
 
Software:
IBM Tivoli Provisioning Manager Express for Software Distribution 4.x
 
Description:
Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system.
1) Certain input passed via "Printer.getPrinterAgentKey" to the SoapServlet servlet is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A boundary error in the "RunAndUploadFile()" method of the Isig.isigCtl.1 ActiveX Control can be exploited to cause a stack-based buffer overflow. Unlike the server-side issues, this one is triggered in the browser of a user who has the control installed, e.g. by a web page that instantiates the control and calls the method with crafted arguments. Successful exploitation of this vulnerability may allow execution of arbitrary code.
3) Certain input passed via "User.updateUserValue()" to the register.do servlet is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) Certain input passed via "User.isExistingUser()" to the logon.do servlet is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) Certain input passed via "Asset.getHWKey()" to the CallHomeExec servlet is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
6) Certain input passed via "Asset.getMimeType()" to the getAttachment servlet is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are reported in version 4.1.1. Other versions may also be affected.
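The five SQL injection findings (items 1 and 3 to 6) share one cause: a request parameter is concatenated into the text of a SQL statement before it reaches the database. The following Python/sqlite3 program is an added example, not code from IBM Tivoli Provisioning Manager Express or from the advisory; it mimics two of the reported sinks, the user-existence check behind logon.do (User.isExistingUser) and the attribute update behind register.do (User.updateUserValue), with a constructed users table, and shows the concatenated form beside the parameterized one. The table layout, sample rows and payloads are assumptions. The product itself is a Java servlet application, where the equivalent fix is java.sql.PreparedStatement with bound parameters.

```python
"""Added example: string-concatenated SQL beside the parameterized fix.

Constructed for this advisory; not code from IBM Tivoli Provisioning
Manager Express. Table layout, sample rows and payloads are assumptions.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


# --- existence check, as in the logon.do / User.isExistingUser() sink -------

def is_existing_user_vulnerable(conn: sqlite3.Connection, username: str) -> bool:
    """Input is spliced into the statement text: the pattern the advisory reports."""
    sql = "SELECT COUNT(*) FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchone()[0] > 0


def is_existing_user_safe(conn: sqlite3.Connection, username: str) -> bool:
    """Bound parameter: the value never becomes part of the SQL grammar,
    so a quote in the input cannot close the string literal."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()[0] > 0


# --- attribute update, as in the register.do / User.updateUserValue() sink ---

def update_user_value_vulnerable(conn: sqlite3.Connection, username: str, email: str) -> int:
    """Returns the number of rows changed; an injected WHERE clause can make that every row."""
    sql = "UPDATE users SET email = '%s' WHERE username = '%s'" % (email, username)
    rows = conn.execute(sql).rowcount
    conn.commit()
    return rows


def update_user_value_safe(conn: sqlite3.Connection, username: str, email: str) -> int:
    """Same update with both values bound; only the named user's row can change."""
    rows = conn.execute(
        "UPDATE users SET email = ? WHERE username = ?", (email, username)
    ).rowcount
    conn.commit()
    return rows


# Constructed payloads. The first turns the WHERE clause into a tautology;
# the second replaces the WHERE clause and comments out the original one.
TAUTOLOGY = "nobody' OR '1'='1"
REWRITE_WHERE = "attacker@example.test' WHERE 1=1 --"


def run_demo() -> dict:
    """Run both sinks in both forms and return the observable results."""
    results = {}
    conn = make_db()
    results["vulnerable_login_bypass"] = is_existing_user_vulnerable(conn, TAUTOLOGY)
    results["safe_login_bypass"] = is_existing_user_safe(conn, TAUTOLOGY)
    results["vulnerable_rows_updated"] = update_user_value_vulnerable(conn, "nobody", REWRITE_WHERE)
    conn = make_db()  # fresh table so the safe path starts from the same state
    results["safe_rows_updated"] = update_user_value_safe(conn, "nobody", REWRITE_WHERE)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running it shows the concatenated existence check accepting a user that does not exist and the concatenated update touching both rows, while the parameterized versions treat the same payloads as ordinary (non-matching) string values. Note that sqlite3 refuses stacked statements, so the second payload rewrites the WHERE clause in place rather than appending a new statement; on a database driver that allows multiple statements per call the same concatenation defect is correspondingly worse.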
 
Solution:
Filter malicious characters and character sequences using a proxy. This is a stopgap: the underlying fix for the SQL injection issues is to pass user input to the database as bound parameters rather than as string-concatenated SQL. Set the kill-bit for the affected ActiveX control (Isig.isigCtl.1) so that Internet Explorer refuses to instantiate it: the kill-bit is the "Compatibility Flags" DWORD value 0x00000400 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, where {CLSID} is the control's class identifier (resolvable from the ProgID under HKEY_CLASSES_ROOT\Isig.isigCtl.1\CLSID).
 
References:
ZDI-12-040:
 
Secunia:
 
 

Created: 13 Esfand 1390 (3 March 2012)