Check Point Advisories

Update Protection against Directory Traversal Vulnerability in IBM Tivoli Access Manager

Check Point Reference: CPAI-2006-031
Date Published: 26 Mar 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: SecurityTracker ID: 1015582  
Industry Reference: CVE-2006-0513
Protection Provided by:
Who is Vulnerable? Tivoli Access Manager versions 5.1.0.10, 6.0.0. Other versions may also be affected.
Vulnerability Description: A vulnerability was reported in IBM Tivoli Access Manager. IBM Tivoli Access Manager provides access control security solutions. The vulnerability can be exploited via a specially crafted filename containing '../..' sequences. An attacker may attempt to exploit this vulnerability to place files in folders that are not otherwise permitted by the user.
Update/Patch Available: IBM has issued patches for versions 5.1 and 6.0:

Fixpack 5.1.0-TIV-WPI-FP0017 is available at: http://www-1.ibm.com/support/docview.wss?uid=swg24011562
Fixpack 6.0.0-TIV-WPI-FP0001 is available at: http://www-1.ibm.com/support/docview.wss?uid=swg24011561
Vulnerability Details: The vulnerability specifically exists in the Tivoli Web Server Plug-in component. The 'pkmslogout' script does not properly validate user-supplied input in the 'filename' parameter.

Protection Overview
