IBM Tivoli Storage Manager Buffer Overflow and Security Bypass Issues
Multiple vulnerabilities have been identified in the IBM Tivoli Storage Manager (TSM) client, which could be exploited by remote attackers to bypass security restrictions and compromise a vulnerable system.
The first issue is caused by a stack overflow error in the "dsmagent.exe" agent in a generic string handling function when processing a request containing a string longer than 1025 characters, which could be exploited to crash an affected client or execute arbitrary code.
The second vulnerability is caused by a stack overflow error in the "dsmagent.exe" agent when copying the NodeName longer than 65 characters from a request packet, which could be exploited to crash an affected client or execute arbitrary code.
The third issue is caused by an unspecified buffer overflow error in the client Web GUI, which could be exploited to crash a vulnerable TSM client agent or execute arbitrary code.
The fourth vulnerability is caused by an unspecified error in the client Java GUI, which could allow an attacker to read, copy, alter, or delete files on the client machine.
The fifth issue is caused by an unspecified error in the AIX and Windows clients using the Secure Socket Layer (SSL), which could be exploited to conduct man-in-the-middle attacks and read or copy files from the client machine.
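The first two issues are the classic pattern of a request field copied into a fixed-size stack buffer without checking its length against the buffer. The following C code is an added illustration of the mitigation, not code from the TSM client: it copies an untrusted field only after checking the length carried by the request, refusing instead of truncating. The limits are an assumption derived from the advisory's figures (a NodeName over 65 characters and a string over 1025 characters overflow), so the example rejects anything longer than 64 and 1024 characters respectively.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits: chosen so that every length the advisory calls "too long"
 * (more than 65 characters for NodeName, more than 1025 for a generic
 * string) is rejected before any copy into a fixed-size buffer happens. */
#define MAX_STRING_LEN   1024
#define MAX_NODENAME_LEN 64

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARGS = -2 };

/* Copy a non-NUL-terminated request field into dst. The length comes from
 * the request framing, not from scanning src for a terminator, and the copy
 * is refused (dst left empty) when the field plus its NUL would not fit. */
int copy_request_field(char *dst, size_t dst_size,
                       const unsigned char *src, size_t src_len,
                       size_t max_len)
{
    if (dst == NULL || dst_size == 0 || (src == NULL && src_len > 0))
        return COPY_BAD_ARGS;
    if (src_len > max_len || src_len >= dst_size) {
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return COPY_OK;
}

/* Wrapper for the NodeName field named in the advisory. */
int copy_node_name(char *dst, size_t dst_size,
                   const unsigned char *src, size_t src_len)
{
    return copy_request_field(dst, dst_size, src, src_len, MAX_NODENAME_LEN);
}

/* Self-check on constructed input: a 64-byte name fits, a 65-byte name is
 * refused rather than overrunning the stack buffer. Returns 1 on success. */
int demo(void)
{
    char node[MAX_NODENAME_LEN + 1];
    unsigned char name[65];
    memset(name, 'A', sizeof name);          /* constructed sample field */
    if (copy_node_name(node, sizeof node, name, 64) != COPY_OK) return 0;
    if (strlen(node) != 64) return 0;
    if (copy_node_name(node, sizeof node, name, 65) != COPY_TOO_LONG) return 0;
    return node[0] == '\0';
}
```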
IBM Tivoli Storage Manager versions 5.5.x
IBM Tivoli Storage Manager versions 5.4.x
IBM Tivoli Storage Manager versions 5.3.x
IBM Tivoli Storage Manager versions 5.2.x
IBM Tivoli Storage Manager versions 5.1.x
IBM Tivoli Storage Manager versions 6.0.x
Upgrade to version 5.5.2, 5.4.2.7, 5.3.6.6, 5.2.5.4, 5.1.8.3 or 6.1.0:
http://www-01.ibm.com/support/docview.wss?uid=swg21384389
http://www-01.ibm.com/support/docview.wss?uid=swg21321838
http://www.vupen.com/english/advisories/2009/1235
http://www-01.ibm.com/support/docview.wss?uid=swg21384389
http://www-01.ibm.com/support/docview.wss?uid=swg21321838
http://secunia.com/secunia_research/2008-55/
Vulnerabilities reported by Dyon Balding (Secunia Research) and the vendor.
2009-05-04 : Initial release
2009-05-18 : Updated Solution
If you have additional information or corrections for this security advisory please submit them via our contact form.