IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
BID:21440
Info
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 21440 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-5855 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2006 12:00AM |
| Updated: | Feb 08 2008 12:16AM |
| Credit: | Tipping Point is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
IBM Tivoli Storage Manager 5.3.4 IBM Tivoli Storage Manager 5.2.9 |
| Not Vulnerable: | |
Discussion
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
IBM Tivoli Storage Manager is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of message fields before copying them into finite-sized internal memory buffers.
An attacker can exploit these issues to execute arbitrary code within the context of the Tivoli application. This may facilitate the compromise of affected servers. Authentication is not required to leverage these issues.
Tivoli Storage Manager versions prior to and including 5.2.9 and 5.3.4 are confirmed affected by these issues.
IBM Tivoli Storage Manager is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of message fields before copying them into finite-sized internal memory buffers.
An attacker can exploit these issues to execute arbitrary code within the context of the Tivoli application. This may facilitate the compromise of affected servers. Authentication is not required to leverage these issues.
Tivoli Storage Manager versions prior to and including 5.2.9 and 5.3.4 are confirmed affected by these issues.
Exploit / POC
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
Solution:
IBM has released a fix that addresses these issues. Please see the vendor references for more information.
Solution:
IBM has released a fix that addresses these issues. Please see the vendor references for more information.
References
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
References:
References:
- IC50347: SECURITY APAR PREVENT CRASH (IBM)
- Tivoli Software (IBM)
- TSM Server Abend with Invalid Requests (IBM)
- TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities (Tipping Point)
- Vulnerability Note VU#350625 - IBM Tivoli Storage Manager SmExecuteWdsfSession( (UC-CERT)
- Vulnerability Note VU#478753 - IBM Tivoli Storage Manager vulnerable to a buffer (US-CERT)
- Vulnerability Note VU#887249 - IBM Tivoli Storage Manager Server vulnerable to b (US-CERT)