CVE-2007-3268 - Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | IBM_TPMFOSD_TFTPD_BLOCKSIZE_DOS.NASL |
description | The remote host is running IBM Tivoli Provisioning Manager for OS Deployment, for remote deployment and management of operating systems. The TFTPD component of the version of this software installed on the remote host does not handle read requests with an invalid |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25738 |
published | 2007-07-19 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25738 |
title | IBM Tivoli Provisioning Manager for OS Deployment TFTPD Malformed PRQ Request DoS |
Seebug
bulletinFamily | exploit |
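description | BUGTRAQ ID: 24942 CVE(CAN) ID: CVE-2007-3268 IBM Tivoli Provisioning Manager for OS Deployment is a network boot server that makes it easier to centrally manage networked workstations. Tivoli Provisioning Manager for OS Deployment does not implement the TFTP protocol correctly: when it processes a read request (RRQ), an invalid blksize parameter can cause 0 to be used as a divisor, triggering an unhandled exception that terminates the rembo.exe service. No authentication is required to exploit this vulnerability. An attacker only needs to send a crafted request to the TFTP port (UDP 69) of a vulnerable machine to cause the DHCP, TFTP, PXE, HTTP, HTTPS and other services to terminate. IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.2 Workaround: * Restrict access to UDP port 69 Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www-1.ibm.com/support/docview.wss?uid=swg24016347 |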
id | SSV:2014 |
last seen | 2017-11-19 |
modified | 2007-07-18 |
published | 2007-07-18 |
reporter | Root |
title | IBM Tivoli Provisioning Manager for OS Deployment Divide-by-Zero Denial of Service Vulnerability |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=560
- http://secunia.com/advisories/26093
- http://securitytracker.com/id?1018401
- http://www.securityfocus.com/bid/24942
- http://www.vupen.com/english/advisories/2007/2560
- http://www-1.ibm.com/support/docview.wss?uid=swg24016347
- http://www3.software.ibm.com/ibmdl/pub/software/tivoli_support/patches/patches_5.1.0/5.1.0-TIV-TPMOSD-FP0003/5.1.0-TIV-TPMOSD-FP0003.README.HTM
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35468