SecPod ID: 10176

IBM Tivoli Storage Manager Client Remote Heap BOF Vulnerability

Status: Public Report

Release Date: 11-04-2008

Severity: High

CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)

CVSS Temporal Score: 6.9

Affected Software/OS/Device:

- IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.7
- IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2
- IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1
- IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2
- IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1
- IBM Tivoli Storage Manager (TSM) Express all levels

Impact Level: Application


SecPod Nessus Plugin ID: 900169

Snort ID:

Vulnerability Insight:


Overview:

IBM Tivoli Storage Manager is prone to a remote heap-based buffer overflow vulnerability.


Description:

The vulnerability exists due to an input validation error in the TSM Backup-Archive client. It affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler service when the option "SCHEDMODE" is set to "PROMPTED".
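As an added example (not part of the original advisory and not IBM's or SecPod's code), the following Python script shows how an administrator could triage a fleet of TSM clients against this advisory: it checks a reported client version against the affected ranges listed above, and parses a client options file to see whether SCHEDMODE is set to PROMPTED, the configuration the description names as affected. The options-file syntax handled here (one "OPTION value" per line, case-insensitive option names, lines beginning with "*" treated as comments) and the sample file contents are assumptions for illustration; the version ranges are taken from the advisory.

```python
import re
from typing import Optional, Tuple

# Affected version ranges copied from the advisory (both ends inclusive).
AFFECTED_RANGES = [
    ((5, 5, 0, 0), (5, 5, 0, 7)),
    ((5, 4, 0, 0), (5, 4, 2, 2)),
    ((5, 3, 0, 0), (5, 3, 6, 1)),
    ((5, 2, 0, 0), (5, 2, 5, 2)),
    ((5, 1, 0, 0), (5, 1, 8, 1)),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.5.0.3' into (5, 5, 0, 3); shorter strings are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected TSM version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def version_is_affected(version: str) -> bool:
    """True if the client version falls inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Constructed sample of a client options file (assumed dsm.opt-style syntax:
# 'OPTION value' per line, option names case-insensitive, '*' starts a comment).
SAMPLE_DSM_OPT = """\
* constructed sample client options file
SErvername  backup01
NODename    fileserver-a
   SCHEDMODE   PROMPTED
TCPPort     1500
"""


def schedmode_from_options(text: str) -> Optional[str]:
    """Return the SCHEDMODE value upper-cased, or None if the option is absent."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        m = re.match(r"schedmode\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1).upper()  # the last occurrence wins
    return value


def assess_client(version: str, options_text: str) -> str:
    """Classify one client for this advisory.

    'not-affected'           : version outside every affected range
    'affected-exposed'       : affected version and SCHEDMODE PROMPTED
    'affected-not-prompted'  : affected version, but SCHEDMODE is not PROMPTED
    """
    if not version_is_affected(version):
        return "not-affected"
    if schedmode_from_options(options_text) == "PROMPTED":
        return "affected-exposed"
    return "affected-not-prompted"


if __name__ == "__main__":
    # Constructed inventory: (hostname, reported client version).
    inventory = [("fileserver-a", "5.4.1.0"), ("dbhost-b", "5.5.0.8")]
    for host, ver in inventory:
        print(f"{host:14} {ver:8} {assess_client(ver, SAMPLE_DSM_OPT)}")
```

Clients reported as "affected-exposed" should be prioritised for the vendor fix referenced below; the version check alone still identifies every client that needs the patch, since SCHEDMODE can be changed after the fact.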


Impact:

Successful exploitation could allow execution of arbitrary code or cause denial of service.


CVSS Score Report:

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = MEDIUM
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = COMPLETE
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = COMPLETE
    EXPLOITABILITY = UNPROVEN
    REMEDIATION_LEVEL = OFFICIAL_FIX
    REPORT_CONFIDENCE = CONFIRMED


    CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score = 6.9

Fix:

Apply the vendor patch:

http://www-01.ibm.com/support/docview.wss?uid=swg21322623



References:

http://secunia.com/advisories/32465/

http://www.securityfocus.com/bid/31988

http://www-01.ibm.com/support/docview.wss?uid=swg21322623
