CVE-2017-3774: Buffer Overflow
First published: Thu Apr 19 2018(Updated: )
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Integrated Management Module 2 | <4.70 | |
| Lenovo Flex System X240 M4 | ||
| Lenovo Flex System X240 M5 | ||
| Lenovo Flex System X280 X6 | ||
| Lenovo Flex System X440 M4 | ||
| Lenovo Flex System X480 X6 | ||
| Lenovo Flex System X880 | ||
| Lenovo Nextscale Nx360 M5 | ||
| Lenovo System X3250 M6 | ||
| Lenovo System X3500 M5 | ||
| Lenovo System X3550 M5 | ||
| Lenovo System X3650 M5 | ||
| Lenovo System X3750 M4 | ||
| Lenovo System X3850 X6 | ||
| Lenovo System X3950 X6 | ||
| Lenovo Integrated Management Module 2 | <6.60 | |
| Ibm Bladecenter Hs22 | ||
| Ibm Bladecenter Hs23 | ||
| Ibm Bladecenter Hs23e | ||
| Ibm Flex System X220 M4 | ||
| Ibm Flex System X222 M4 | ||
| Ibm Flex System X240 M4 | ||
| Ibm Flex System X280 M4 | ||
| Ibm Flex System X440 M4 | ||
| Ibm Flex System X480 M4 | ||
| Ibm Flex System X880 M4 | ||
| Ibm Idataplex Dx360 M4 | ||
| Ibm Idataplex Dx360 M4 Water Cooled | ||
| Ibm Nextscale Nx360 M4 | ||
| Ibm System X3100 M4 | ||
| Ibm System X3100 M5 | ||
| Ibm System X3250 M4 | ||
| Ibm System X3250 M5 | ||
| Ibm System X3300 M4 | ||
| Ibm System X3500 M4 | ||
| Ibm System X3530 M4 | ||
| Ibm System X3550 M4 | ||
| Ibm System X3630 M4 | ||
| Ibm System X3650 M4 | ||
| Ibm System X3650 M4 Bd | ||
| Ibm System X3650 M4 Hd | ||
| Ibm System X3750 M4 | ||
| Ibm System X3850 X6 | ||
| Ibm System X3950 X6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lenovo
- canonical/lenovo integrated management module 2
- canonical/lenovo flex system x240 m4
- canonical/lenovo flex system x240 m5
- canonical/lenovo flex system x280 x6
- canonical/lenovo flex system x440 m4
- canonical/lenovo flex system x480 x6
- canonical/lenovo flex system x880
- canonical/lenovo nextscale nx360 m5
- canonical/lenovo system x3250 m6
- canonical/lenovo system x3500 m5
- canonical/lenovo system x3550 m5
- canonical/lenovo system x3650 m5
- canonical/lenovo system x3750 m4
- canonical/lenovo system x3850 x6
- canonical/lenovo system x3950 x6
- vendor/ibm
- canonical/ibm bladecenter hs22
- canonical/ibm bladecenter hs23
- canonical/ibm bladecenter hs23e
- canonical/ibm flex system x220 m4
- canonical/ibm flex system x222 m4
- canonical/ibm flex system x240 m4
- canonical/ibm flex system x280 m4
- canonical/ibm flex system x440 m4
- canonical/ibm flex system x480 m4
- canonical/ibm flex system x880 m4
- canonical/ibm idataplex dx360 m4
- canonical/ibm idataplex dx360 m4 water cooled
- canonical/ibm nextscale nx360 m4
- canonical/ibm system x3100 m4
- canonical/ibm system x3100 m5
- canonical/ibm system x3250 m4
- canonical/ibm system x3250 m5
- canonical/ibm system x3300 m4
- canonical/ibm system x3500 m4
- canonical/ibm system x3530 m4
- canonical/ibm system x3550 m4
- canonical/ibm system x3630 m4
- canonical/ibm system x3650 m4
- canonical/ibm system x3650 m4 bd
- canonical/ibm system x3650 m4 hd
- canonical/ibm system x3750 m4
- canonical/ibm system x3850 x6
- canonical/ibm system x3950 x6