A remove buffer overflow in IBM Tivoli ManagedNode v3.6.x through 3.7.1 allows attackers to crash the spider process or execute arbitrary code on TMR ManagedNotes. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Solaris 8 (Sparc).
8cfc7d24ca4e2b6ff9a79befe4e32557c6ab3305892f9376b8d975a511dce55c