|
 |
|
IBM Tivoli Storage Manager Client Information Disclosure and Buffer Overflow
|
|
|
|
|
Secunia Advisory:
|
SA26883
|
|
|
Release Date:
|
2007-09-20
|
|
Last Update:
|
2007-09-25
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM Tivoli Storage Manager Client 5.x
|
| | CVE reference: | CVE-2007-4880 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Two vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to disclose sensitive information or potentially compromise a vulnerable system.
1) Boundary errors within dsmcad.exe when parsing HTTP headers can be exploited to cause various buffer overflows by sending a specially crafted HTTP request containing an overly long "host" parameter to the Client Acceptor Daemon (CAD).
Successful exploitation allows execution of arbitrary code.
2) An unspecified error when using server-initiated prompted scheduling can be exploited to e.g. gain access to the client's data.
The vulnerabilities are reported in versions 5.1, 5.2, 5.3, and 5.4 and reportedly affect the following client interfaces:
* The Web client GUI, which uses the CAD
* Backup-Archive client scheduling using the CAD (CAD-managed scheduling)
* Backup-Archive server-initiated prompted scheduling
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Apply client update packages.
5.4.1.2 (PTF UK27738 and UK27739):
http://www.ibm.com/support/docview.wss?uid=swg24016585
5.3.5.3 (PTF UK29248 and UK29249):
http://www.ibm.com/support/docview.wss?uid=swg24016838
5.2.5.2 and 5.1.8.1:
http://www.ibm.com/support/docview.wss?uid=swg24016985
http://www.ibm.com/support/docview.wss?uid=swg24016986
Provided and/or discovered by:
1) Sebastian Apelt, via ZDI
2) Reported by an IBM customer.
Changelog:
2007-09-25: Updated vulnerability #1 in "Description". Added CVE reference and link to ZDI. Corrected link to IBM for version 5.1.8.1 in "Solution".
Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21268775
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
1 Related Secunia Security Advisories
|
|
|
1. IBM Tivoli Storage Manager Client CAD Service Script Insertion
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
