Vulnerability Details : CVE-2011-1220
Public exploit exists!
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-1220
- cpe:2.3:a:ibm:tivoli_management_framework:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_management_framework:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_management_framework:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_management_framework:4.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1220
97.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-1220
-
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
Disclosure Date: 2011-05-31First seen: 2020-04-26exploit/windows/http/ibm_tivoli_endpoint_bofThis module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.e
CVSS scores for CVE-2011-1220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2011-1220
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1220
-
http://www.securityfocus.com/archive/1/518199/100/0/threaded
SecurityFocus
-
http://www-01.ibm.com/support/docview.wss?uid=swg21499146
IBM Security Vulnerability - CVE-2011-1220: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution / CVE-2011-2330: IBM Tivoli Endpoint has an unspecified "built-in account"
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67631
IBM Tivoli Endpoint lcfd.exe buffer overflow CVE-2011-1220 Vulnerability Report
-
http://zerodayinitiative.com/advisories/ZDI-11-169/
ZDI-11-169 | Zero Day Initiative
-
http://www.ibm.com/support/docview.wss?uid=swg1IZ90238
IBM notice: The page you requested cannot be displayed
-
http://securityreason.com/securityalert/8268
IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability - CXSecurity.com
-
http://securitytracker.com/id?1025581
IBM Tivoli Management Framework Buffer Overflow in 'lcfd.exe' Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
Jump to