Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-0880
Last Modified 21 Mar 2009 01:55:08
Published 12 Mar 2009 11:20:49
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0880

Summary

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.

Vulnerable Systems

Application

  • IBM Director 3.1.1

  • IBM Director 4.10

  • IBM Director 4.11

  • IBM Director 4.12

  • IBM Director 4.20

  • IBM Director 4.21

  • IBM Director 4.22

  • IBM Director 5.10.0

  • IBM Director 5.10.1

  • IBM Director 5.10.2

  • IBM Director 5.10.3

  • IBM Director 5.20.0

  • IBM Director 5.20.1

  • IBM Director 5.20.2

  • IBM Director 5.20.3


References

MISC - https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8

VUPEN - ADV-2009-0656

MISC - https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt

XF - director-cim-directory-traversal(49286)

BID - 34065

BUGTRAQ - 20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability

SECUNIA - 34212

OSVDB - 52616


Last Updated: 27 May 2016 10:50:24