BID:25743

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

Info

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

Bugtraq ID:	25743
Class:	Unknown
CVE:	CVE-2007-4880 CVE-2007-5022
Remote:	Yes
Local:	No
Published:	Sep 19 2007 12:00AM
Updated:	Jul 05 2016 10:00PM
Credit:	Sebastian Apelt and an anonymous IBM customer are credited with the discovery of these vulnerabilities.
Vulnerable:	IBM Tivoli Storage Manager 5.2.3 .4 Client IBM Tivoli Storage Manager 5.4 Client IBM Tivoli Storage Manager 5.3 Client IBM Tivoli Storage Manager 5.2 Client IBM Tivoli Storage Manager 5.1 Client

Not Vulnerable:

Discussion

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

IBM Tivoli Storage Manager client is prone to multiple vulnerabilities that can allow attackers to crash the client, execute arbitrary code in the context of the application, or gain unauthorized access to a client's data.

These issues affect Tivoli Storage Manager client 5.1, V5.2, V5.3, and V5.4.

Exploit / POC

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

An exploit is available for members of the Immunity Partner's Program:

https://www.immunityinc.com/downloads/immpartners/tivoli_storage.tar

The following exploit is available:

/data/vulnerabilities/exploits/dsmcad.py

Solution / Fix

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

Solution:
IBM has released fixes to address these issues. Please see the references for more information.

References

IBM Tivoli Storage Manager Client Multiple Vulnerabilities

References: