BID:52847

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

Info

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

Bugtraq ID:	52847
Class:	Boundary Condition Error
CVE:	CVE-2012-0202
Remote:	Yes
Local:	No
Published:	Apr 02 2012 12:00AM
Updated:	Jan 09 2013 03:40PM
Credit:	TippingPoint
Vulnerable:	IBM Cognos TM1 9.5.2 IBM Cognos TM1 9.5.1 IBM Cognos TM1 9.4.1 IBM Cognos Express 9.5 IBM Cognos Express 9.0

Not Vulnerable:	IBM Cognos TM1 9.5.2 FP2 IBM Cognos Express 10.1

Discussion

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

IBM Cognos TM1 is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

IBM Cognos TM1 9.4.1 and 9.5.x prior to 9.5.2 FP2 are vulnerable.

Exploit / POC

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

The following metasploit exploit is available:

/data/vulnerabilities/exploits/52847.rb

Solution / Fix

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

Solution:
Vendor updates are available. Please see the references for details.

References

IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability

References:

Cognos TM1 9.4.1 Interim Fix 2 (IBM)
Cognos TM1 9.5.1 Interim Fix 3 (IBM)
Cognos TM1 9.5.2 Interim Fix 4 (IBM)
Cognos TM1 Homepage (IBM)
IBM Cognos Express (IBM)
Security Bulletin: IBM Cognos Express Admin Server vulnerabilities (CVE-2012-020 (IBM)
Security Bulletin: IBM Cognos TM1 Admin Server vulnerabilities (CVE-2012-0202) (IBM)