A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Tivoli Provisioning Manager for OS Deployment. Authentication is not required to exploit this vulnerability. The specific flaws exist in the handling of HTTP requests to the rembo.exe service listening on TCP port 8080. Several components of an HTTP request can be modified to trigger buffer overflows. For example, by supplying an overly long filename an attacker is able to overflow a 150 byte stack buffer and subsequently execute arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/56425/TPTI-07-05.txt
Source: https://packetstormsecurity.com/files/56425/TPTI-07-05.txt.html