TITLE:
IBM Tivoli Provisioning Manager for OS Deployment "multipart/form-data" Handling Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24717

VERIFY ADVISORY:
http://secunia.com/advisories/24717/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
IBM Tivoli Provisioning Manager for OS Deployment 5.x
http://secunia.com/product/13836/

DESCRIPTION:
Some vulnerabilities have been reported in IBM Tivoli Provisioning Manager for OS Deployment, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerabilities are caused by errors within the management service when handling multipart/form-data in HTTP POST requests. These can be exploited to crash the service or cause a heap corruption via specially crafted HTTP POST requests to ports 443/TCP and 8080/TCP of the management service.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in version 5.1.0.116. Other versions may also be affected.

SOLUTION:
Apply fix pack 5.1.0-TIV-TPMOSD-FP0002.
http://www-1.ibm.com/support/docview.wss?uid=swg24015347

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=498