VULHUB ™

Tivoli is an enterprise-level system management solution. It is maintained and distributed by IBM. It may be possible to execute commands remotely on systems managed by Tivoli. During the initial install phase of the Tivoli framework, a system requires the rexec program in a listening status to accept commands from the Tivoli management station. After the framework is installed, rexec is no longer needed. However, a common misconfiguration is to leave rexec listening, making it possible for a user to execute spoofed rexec commands, and gain local access to the system.

Tivoli is an enterprise-level system management solution. It is maintained and distributed by IBM. It may be possible to execute commands remotely on systems managed by Tivoli. During the initial install phase of the Tivoli framework, a system requires the rexec program in a listening status to accept commands from the Tivoli management station. After the framework is installed, rexec is no longer needed. However, a common misconfiguration is to leave rexec listening, making it possible for a user to execute spoofed rexec commands, and gain local access to the system.