iXsecurity.20020328.tivoli_tsm_dsmsvc.a

• Previous message: Solar Designer: "Re: local root compromise in openbsd 3.0 and below"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

iXsecurity Security Vulnerability Report
No: iXsecurity.20020328.tivoli_tsm_dsmsvc.a
===========================================

Vulnerability Summary
---------------------
Problem:                The Tivoli Storage Manager webserver, running
                        on port 1580, has a buffer overflow condition.

Threat:                 An attacker could cause the service to crash,
                        and execute arbitrary code.

Affected Software:      The exposure exists in versions 4.2.x.x.

Platform:               Windows NT4/2000.


Vulnerability Description
-------------------------
The webserver bound to 1580 (dsmsvc.exe) has a buffer overflow condition.
If an attacker would login, using the login form, with a username of
approx. 1976 characters long, he would overwrite EIP. This would lead to
the service crashing, and the possibility of arbitrary code execution.

Solution
--------
See APAR IC33212
Apply Patch V4.2.1.15 currently available at
http://www.tivoli.com/support/storage_mgr/servers.html
For additional information or assistance please contact your
IBM Service Representative at 1-800-IBM-SERV

Additional Information
----------------------
Tivoli was contacted 20020328.

This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik.karlssonat_private
jonas.landinat_private

This document is also available at: http://www.cqure.net/advisories/

• Next message: Simon Lodal: "IBM Informix Web DataBlade: SQL injection"
• Previous message: Solar Designer: "Re: local root compromise in openbsd 3.0 and below"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 17:06:32 PDT