Secunia Security Advisory - NISCC has reported a vulnerability in IBM Tivoli Management Framework Endpoint's lcfp process, which potentially can be exploited to cause a DoS (Denial of Service).
2f602e006a9c2bd09a3b8e2e7354db0d7d258dfcec59608d3761422d45a28e0c
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
IBM Tivoli Management Framework Endpoint Denial of Service
SECUNIA ADVISORY ID:
SA15953
VERIFY ADVISORY:
http://secunia.com/advisories/15953/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
IBM Tivoli Management Framework 4.x
http://secunia.com/product/2866/
DESCRIPTION:
NISCC has reported a vulnerability in IBM Tivoli Management Framework
Endpoint's "lcfp" process, which potentially can be exploited to cause
a DoS (Denial of Service).
The vulnerability is caused due to the endpoint waiting for 5 minutes
before it can accept any new connections after a connection has been
made to the endpoint and then dropped. The "lcfd" process will be
unresponsive for 5 minutes.
The vulnerability has been reported in version 4.1.1, endpoint
version 41015.
SOLUTION:
Apply the latest LCF Patch (4.1.1-LCF-0020)
http://www-1.ibm.com/support/docview.wss?uid=swg24009815
PROVIDED AND/OR DISCOVERED BY:
NISCC (National Infrastructure Security Coordination Centre)
ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=swg21210334
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------