A remote buffer overflow in IBM Tivoli Management Framework v3.6.x through 3.7.1 running on tcp port 9495 allows attackers to deny service or execute arbitrary code. An overly long GET request results in a buffer overflow with registers being overwritten with user supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Windows 2000 and NT4 SP6a.
e92e32242706e69a03bcae5286f23fa186f7abf143db928b16d7dc2496525c24