1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: IBM Tivoli Management Framework Argument CVE-2011-1220

Attack: IBM Tivoli Management Framework Argument CVE-2011-1220

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempt to a stack based buffer overflow vulnerability in IBM Tivoli Management Framework application.

Additional Information

IBM Tivoli Management Framework provides tools for managing large numbers of remote locations or devices.

The application is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue affects the 'lcfd.exe' process, which listens by default on TCP port 9495. Authenticated attackers, or non-authenticated attackers who leverage a built-in account, can exploit this issue by sending a specially crafted HTTP request with an 'opts' argument larger than 256 bytes, causing a stack-based buffer overflow.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attacks will cause denial-of-service conditions.

IBM Tivoli Management Framework 4.1, 4.1.1, and 4.3.1 are vulnerable.


  • IBM Tivoli Management Framework 4.1, 4.1.1 and 4.3.1


Vendor has issued an update to resolve this issue. Please see vendor's website for further references.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube