Executive Summary
Summary | |
---|---|
Title | IBM Director fails to properly time-out connection requests from clients |
Information | |||
---|---|---|---|
Name | VU#512193 | First vendor Publication | 2007-11-20 |
Vendor | VU-CERT | Last vendor Modification | 2007-11-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#512193
IBM Director fails to properly time-out connection requests from clients

Overview
IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative.

I. Description
IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Director Systems, specifically the CIM Server, a thread is created that listens on a port, waiting for a specific response from the client. If the client does not send the expected response, the thread remains in memory listening, showing high CPU utilization, until the client connects to it. If multiple rogue clients connect simultaneously, the finite number of connections can be exhausted, causing the server to crash.
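
The missing control described above is a bound on how long, and how many, connections may wait for the expected response. The following is an added example, not IBM Director code and not part of the original note: a handler that enforces one deadline over the whole handshake and caps pending handshakes. The token `HELLO\n`, the 0.5 s deadline, the cap of 2 and the function names are assumptions chosen for illustration.

```python
import socket
import threading
import time

EXPECTED = b"HELLO\n"       # assumed handshake token, not IBM Director's protocol
HANDSHAKE_DEADLINE = 0.5    # assumed: seconds allowed for the whole handshake
MAX_PENDING = 2             # assumed: cap on connections still mid-handshake
_pending = threading.BoundedSemaphore(MAX_PENDING)

def await_handshake(conn, expected=EXPECTED, deadline=HANDSHAKE_DEADLINE):
    """Return True only if `expected` arrives in full before the deadline."""
    end = time.monotonic() + deadline
    buf = b""
    while len(buf) < len(expected):
        remaining = end - time.monotonic()
        if remaining <= 0:           # deadline covers the whole exchange,
            return False             # so partial data does not extend it
        conn.settimeout(remaining)   # blocking wait: no busy loop, no CPU spin
        try:
            chunk = conn.recv(len(expected) - len(buf))
        except OSError:              # includes socket.timeout
            return False
        if not chunk:                # peer closed before completing
            return False
        buf += chunk
    return buf == expected

def admit(conn):
    """Handle one accepted connection: returns 'ok', 'rejected' or 'busy'."""
    if not _pending.acquire(blocking=False):
        conn.close()                 # over the cap: shed load, do not queue
        return "busy"
    try:
        ok = await_handshake(conn)
    finally:
        _pending.release()           # the slot is always returned
    if not ok:
        conn.close()                 # free the socket as soon as it fails
    return "ok" if ok else "rejected"
```
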
References
Thanks to IBM for reporting this vulnerability, who in turn credit Juniper Networks. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/512193
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39269 | IBM Director CIM Server Multiple Idle Connections Remote DoS: IBM Director CIM Server contains a flaw that may allow a remote denial of service. The issue is triggered when a large number of idle connections occurs, and will result in loss of availability for the service. |