First published: Thu Apr 19 2018(Updated: )
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Integrated Management Module 2 | <4.70 | |
Lenovo Flex System X240 M4 | ||
Lenovo Flex System X240 M5 | ||
Lenovo Flex System X280 X6 | ||
Lenovo Flex System X440 M4 | ||
Lenovo Flex System X480 X6 | ||
Lenovo Flex System X880 | ||
Lenovo Nextscale Nx360 M5 | ||
Lenovo System X3250 M6 | ||
Lenovo System X3500 M5 | ||
Lenovo System X3550 M5 | ||
Lenovo System X3650 M5 | ||
Lenovo System X3750 M4 | ||
Lenovo System X3850 X6 | ||
Lenovo System X3950 X6 | ||
Lenovo Integrated Management Module 2 | <6.60 | |
Ibm Bladecenter Hs22 | ||
Ibm Bladecenter Hs23 | ||
Ibm Bladecenter Hs23e | ||
Ibm Flex System X220 M4 | ||
Ibm Flex System X222 M4 | ||
Ibm Flex System X240 M4 | ||
Ibm Flex System X280 M4 | ||
Ibm Flex System X440 M4 | ||
Ibm Flex System X480 M4 | ||
Ibm Flex System X880 M4 | ||
Ibm Idataplex Dx360 M4 | ||
Ibm Idataplex Dx360 M4 Water Cooled | ||
Ibm Nextscale Nx360 M4 | ||
Ibm System X3100 M4 | ||
Ibm System X3100 M5 | ||
Ibm System X3250 M4 | ||
Ibm System X3250 M5 | ||
Ibm System X3300 M4 | ||
Ibm System X3500 M4 | ||
Ibm System X3530 M4 | ||
Ibm System X3550 M4 | ||
Ibm System X3630 M4 | ||
Ibm System X3650 M4 | ||
Ibm System X3650 M4 Bd | ||
Ibm System X3650 M4 Hd | ||
Ibm System X3750 M4 | ||
Ibm System X3850 X6 | ||
Ibm System X3950 X6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.