Users login

Create an account »


Users login

Home » Hacking News » IBM Tivoli Management Framework Buffer Overflow

IBM Tivoli Management Framework Buffer Overflow

by Nikola Strahija on July 15th, 2002 A remote buffer overflow condition exists in the webserver (default port 9495) running on TMR Endpoints. This can result in a denial of service and execution of arbitrary code.


An overly long GET request results in a buffer overflow, with registers
being overwritten with user supplied data.

This results in the TMR Endpoint Service crashing (LCFD process) and
allows arbitrary code to be executed as a privileged user (SYSTEM on NT
or root on Unix). The loss of the lcfd process terminates all endpoint

Tested on: W2K and NT4 SP6a.


Apply latest Fixpack (Currently Fixpack 2 or Patches 3.7.1-TMF-0066), or
apply workaround.

Vendor status

Tivoli were notified 12 April 2002.

Vendor has released a security alert with details of patches and
workarounds. See


Discovered by
Mark Rowe ( [email protected])
Jeff Fay ( [email protected] )

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »