IBM Director CIM Server CIMListener Directory Traversal Vulnerability (Windows)

Summary
The host is running IBM Director CIM Server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to traverse the file system and specify any library on the system.
Impact Level: Application
Solution
Upgrade to IBM Director version 5.20.3 Service Update 2 or later, https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8
Insight
The flaw is due to an error in IBM Director CIM Server, which allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
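A detection check for the request shape described above, as an added example that is not part of the original advisory or of IBM's software. It assumes HTTP request lines are available from a reverse proxy or network sensor; the function names and sample lines are constructed for illustration.

```python
from urllib.parse import unquote

PREFIX = "/cimlistener/"  # compared case-insensitively

def decode_fully(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_cimlistener_traversal(request_line):
    """True for an M-POST to /CIMListener/ whose path has a '..' segment."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0].upper() != "M-POST":
        return False
    path = parts[1].split("?", 1)[0]
    # Windows accepts both separators, so normalise backslashes first.
    path = decode_fully(path).replace("\\", "/")
    if not path.lower().startswith(PREFIX):
        return False
    # Match whole segments only, so names like "v1..2" are not flagged.
    return ".." in path.split("/")

def flag_requests(lines):
    """Return the request lines that match the advisory's pattern."""
    return [line for line in lines if is_cimlistener_traversal(line)]

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "M-POST /CIMListener/ListenerA HTTP/1.1",
    "M-POST /CIMListener/..\\..\\placeholder HTTP/1.1",
    "M-POST /CIMListener/%2e%2e/%2e%2e/placeholder HTTP/1.1",
    "M-POST /CIMListener/%252e%252e%255cplaceholder HTTP/1.1",
    "POST /CIMListener/../placeholder HTTP/1.1",
    "M-POST /CIMListener/v1..2/handler HTTP/1.1",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("ALERT:", hit)
```

The check is limited to the M-POST method and /CIMListener/ prefix named in the advisory; it complements the upgrade and does not replace it.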
Affected
IBM Director version 5.20.3 Service Update 1 and prior
References