1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: IBM Director CVE-2009-0880

Attack: IBM Director CVE-2009-0880

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a privilege-escalation vulnerability in IBM Director application.

Additional Information

IBM Director is an application that can track and view system configurations of remote computers. It is available for Linux and Windows.

IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server because it fails to sufficiently validate user-supplied input if the form of indication requests. Specifically, directory-traversal strings can be used to escape the application's default path.

Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process.

Affected

  • IBM Director 5.20.3
  • IBM Director 5.20.1
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube