‘IBM BladeCenter Management Module Denial of Service vulnerability’

Published on June 21st, 2010
Summary

The BladeCenter management module can be rebooted remotely.’

Credit:

‘The information has been provided by Alexey Sintsov.
The original article can be found at: http://dsecrg.com/pages/vul/show.php?id=149


Details

Vulnerable Systems:
 * IBM BladeCenter Managmet Module versions prior to BPET50G

Immune Systems:
 * IBM BladeCenter Managmet Module version BPET50G

An attacker can reset the management module by sending about five or ten malformed packets on its remote presence port (3900/tcp). All legal users, who use the management module and management network will be disconnected.

Disclosure Timeline:
2009-07-24 – Vulnerability reported to vendor
2009-07-26 – Vendor Response
2010-04-15 – Public release of advisory’

Categories: UNIX
Tags:

Related Posts

UNIX

‘ProFTPD Response Pool Use-After-Free Code Execution Vulnerability’

'This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.'

UNIX

‘Insight Control for Linux Multiple Vulnerabilities’

'Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.'

UNIX

‘HP-UX Running NFS/ONCplus Denial of Service Vulnerability’

'A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX.'