Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

iXsecurity.20020328.tivoli_tsm_dsmsvc.a

From: "Patrik Karlsson" <patrik () cqure net>
Date: Thu, 11 Apr 2002 21:05:20 -0100 (GMT+1)
iXsecurity Security Vulnerability Report
No: iXsecurity.20020328.tivoli_tsm_dsmsvc.a
===========================================

Vulnerability Summary
---------------------
Problem:                The Tivoli Storage Manager webserver, running
                        on port 1580, has a buffer overflow condition.

Threat:                 An attacker could cause the service to crash,
                        and execute arbitrary code.

Affected Software:      The exposure exists in versions 4.2.x.x.

Platform:               Windows NT4/2000.


Vulnerability Description
-------------------------
The webserver bound to 1580 (dsmsvc.exe) has a buffer overflow condition.
If an attacker would login, using the login form, with a username of
approx. 1976 characters long, he would overwrite EIP. This would lead to
the service crashing, and the possibility of arbitrary code execution.

Solution
--------
See APAR IC33212
Apply Patch V4.2.1.15 currently available at
http://www.tivoli.com/support/storage_mgr/servers.html
For additional information or assistance please contact your
IBM Service Representative at 1-800-IBM-SERV

Additional Information
----------------------
Tivoli was contacted 20020328.

This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik.karlsson () ixsecurity com
jonas.landin () ixsecurity com

This document is also available at: http://www.cqure.net/advisories/
Previous By Date Next
Previous By Thread Next

Current thread: