Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 | vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg21635080 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 | vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 | vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83724 | vdb entry |
| http://www-01.ibm.com/support/docview.wss?uid=swg21640752 | vendor advisory |