Some vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to compromise a vulnerable system.
1) A boundary error exists within the "GeneratePassword()" function in dsmtca. This can be exploited to cause a stack-based buffer overflow and gain escalated privileges.
2) An unspecified error in the backup-archive clients can be exploited to overwrite certain files.
3) An error within the Hierarchical Storage Management client can be exploited to execute arbitrary commands and e.g. read, copy, modify, or delete arbitrary files.
Please see the vendor's advisory for details on affected versions.
Solution: Apply patches. Please see the vendor's advisory for details.
Provided and/or discovered by: 1) Peter Wilhelmsen and Daniel Kalici, Kryptos Logic.
2, 3) Reported by the vendor.
Original Advisory: IBM (IC65491, IC66686, IC69150)
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: IBM Tivoli Storage Manager (TSM) Client Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.