Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: IBM Tivoli Storage Manager Buffer Overflow Vulns and Patches SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IBM Tivoli Storage Manager Buffer Overflow Vulns and Patches
Looks like IBM Tivoli Storage Manager has a few buffer overflow vulnerabilities.  Read more about them here, courtesy of Tipping Point.

The money quote:

"These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities.  The specific flaws are similar and exist in the processing of messages by the Tivoli Storage Manager service, bound on TCP port 1500. "

Patches from IBM described here.

Looks like IBM thinks they cannot be exploited, as they say, "This problem relates to an internal buffer overflow in TSM but IBM does not believe it is possible to exploit this buffer overflow for remote code execution, however, this exposure can be used to crash the TSM server."

Either way... if you use Tivoli, you should analyze this carefully.





Ed

57 Posts
Dec 5th 2006

Sign Up for Free or Log In to start participating in the conversation!