Summary
The host is running IBM Director CIM Server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to traverse the file system and specify any library on the system.
Impact Level: Application
Solution
Upgrade to IBM Director version 5.20.3 Service Update 2 or later, https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8
Insight
The flaw is due to an error in the IBM Director CIM Server, which allows remote attackers to load and execute arbitrary local DLL code via a '..' (dot dot) sequence in a /CIMListener/ URI in an M-POST request.
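The request pattern the Insight describes (an M-POST to a /CIMListener/ path carrying a '..' segment) is easy to pick out of web-server access logs. The following detector is an added example written for this advisory; it is not code from IBM Director or from the scanner plugin. It assumes a common-log-style request line ("METHOD path HTTP/x.y" in quotes), which is a constructed approximation rather than IBM Director's own log format, and the sample lines are constructed. It decodes percent-encoding repeatedly so that single- and double-encoded dot-dot segments are caught, and treats backslashes as path separators since the affected product runs on Windows.

```python
"""Detect '..' traversal attempts in /CIMListener/ M-POST request paths.

Added example for this advisory; not part of IBM Director or of the
scanner plugin. The log format is a constructed common-log-style
approximation (assumption), not IBM Director's actual log format.
"""
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real IBM Director logs).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2009:10:00:01 +0000] "M-POST /CIMListener/handler HTTP/1.1" 200 512
10.0.0.7 - - [05/Mar/2009:10:00:02 +0000] "M-POST /CIMListener/../../some/other.dll HTTP/1.1" 200 64
10.0.0.7 - - [05/Mar/2009:10:00:03 +0000] "M-POST /CIMListener/%2e%2e/%2e%2e/x HTTP/1.1" 200 64
10.0.0.9 - - [05/Mar/2009:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.7 - - [05/Mar/2009:10:00:05 +0000] "M-POST /CIMListener/%252e%252e/y HTTP/1.1" 200 64
"""

# Extracts the method and request path from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z-]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded '..' is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path: str) -> bool:
    """True if any path segment, after decoding and treating '\\' as '/', is exactly '..'."""
    decoded = decode_path(path).replace("\\", "/")
    decoded = decoded.split("?", 1)[0]  # ignore the query string; only the path matters
    return any(segment == ".." for segment in decoded.split("/"))


def is_cimlistener_traversal(method: str, path: str) -> bool:
    """Match the advisory's pattern: M-POST to /CIMListener/ with a dot-dot segment."""
    decoded = decode_path(path).lower()
    return (
        method.upper() == "M-POST"
        and decoded.startswith("/cimlistener/")
        and has_traversal(path)
    )


def scan_log(text: str) -> list:
    """Return (line_number, raw_path) for every log line matching the traversal pattern."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match and is_cimlistener_traversal(match["method"], match["path"]):
            hits.append((lineno, match["path"]))
    return hits


if __name__ == "__main__":
    for lineno, path in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: suspicious /CIMListener/ request path {path}")
```

On the constructed sample above the scanner flags lines 2, 3 and 5 and ignores the plain M-POST on line 1 and the unrelated GET on line 4. Bounding the decode loop matters: an unbounded loop on attacker-controlled input is a cheap denial-of-service vector, and three rounds already cover single and double encoding.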
Affected
IBM Director version 5.20.3 Service Update 1 and prior
References
- http://osvdb.org/52616
- http://secunia.com/advisories/34212
- http://www.exploit-db.com/exploits/23074/
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-2_IBM_director_privilege_escalation.txt
- https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8
Updated on 2015-03-25
Severity
CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Classification
CVE: CVE-2009-0880