iDefense Security Advisory 01.22.08 - Remote exploitation of a buffer overflow vulnerability in the web server component of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment allows attackers to cause a denial of service condition or potentially execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists within the logging functionality of the web server component. By making requests with a large HTTP request method, an attacker can cause a static-sized buffer to be overrun with data they supplied. iDefense has confirmed the existence of this vulnerability in IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.3. Previous versions may also be affected.
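The defect class described above, an unchecked HTTP request method copied into a static-sized log buffer, can be closed by validating the method before logging and by formatting with a bounded call. The following is an added illustrative example in C, not code from IBM or iDefense; the function names, buffer sizes and the uppercase-only method policy are all assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE   128 /* static-sized log buffer (size is an assumption) */
#define MAX_METHOD_LEN 16  /* assumed cap; standard HTTP methods are far shorter */

/* Unsafe pattern of the kind the advisory describes, for contrast only:
 *     char line[LOG_BUF_SIZE];
 *     sprintf(line, "request: method=%s", method);   // length never checked
 */

/* Copy the method token of a request line into out (hypothetical helper).
 * Returns its length, or -1 if it is missing, too long or not A-Z. */
int parse_method(const char *req, size_t req_len, char *out, size_t out_size)
{
    size_t i = 0;
    while (i < req_len && req[i] != ' ') {
        if (i >= MAX_METHOD_LEN || i + 1 >= out_size) return -1;
        if (!isupper((unsigned char)req[i])) return -1;
        out[i] = req[i]; i++;
    }
    if (i == 0 || i == req_len) return -1; /* empty method or no separator */
    out[i] = '\0';
    return (int)i;
}

/* Write a log line into a fixed buffer. Returns 0 if the request was
 * logged normally, -1 if it was rejected (a short rejection line is logged). */
int log_request(const char *req, size_t req_len, char *line, size_t line_size)
{
    char method[MAX_METHOD_LEN + 1];
    int n;
    if (parse_method(req, req_len, method, sizeof method) < 0) {
        snprintf(line, line_size, "rejected: invalid method (%zu-byte request)", req_len);
        return -1;
    }
    n = snprintf(line, line_size, "request: method=%s", method);
    return (n < 0 || (size_t)n >= line_size) ? -1 : 0;
}

int main(void)
{
    char line[LOG_BUF_SIZE];
    const char *req = "GET / HTTP/1.0"; /* constructed sample input */
    log_request(req, strlen(req), line, sizeof line);
    puts(line);
    return 0;
}
```

The rejection path logs only the request size, never the oversized method itself, so hostile input cannot reach the formatter unbounded.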