Technical Description

Multiple vulnerabilities have been identified in IBM Tivoli Storage Manager, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service.

The first issue is due to a buffer overflow error when processing initial sign-on requests with a specially crafted "language" field, which could be exploited by remote attackers to crash or compromise a vulnerable server.

The second vulnerability is due to buffer overflow errors in the "SmExecuteWdsfSession()" function when processing certain fields, which could be exploited by attackers to execute arbitrary commands.

The third flaw is due to a buffer overflow error when processing open registration messages with a specially crafted "contact" field, which could be exploited by remote attackers to compromise a vulnerable server.

Affected Products

IBM Tivoli Storage Manager versions prior to 5.2.9
IBM Tivoli Storage Manager versions prior to 5.3.4

Solution

Upgrade to IBM TSM version 5.2.9 or 5.3.4 :
http://www-1.ibm.com/support/docview.wss?uid=swg21250261

References

http://www.vupen.com/english/advisories/2006/4856
http://www.tippingpoint.com/security/advisories/TSRT-06-14.html
http://www-1.ibm.com/support/docview.wss?uid=swg21250261

Credits

Vulnerabilities reported by TippingPoint Security Research Team

ChangeLog

2006-12-05 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.