Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21770
HistoryMay 04, 2009 - 12:00 a.m.

Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows

2009-05-0400:00:00
vulners.com
20
JSON

======================================================================

                 Secunia Research 04/05/2009
  • IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows -

======================================================================
Table of Contents

Affected Software…1
Severity…2
Vendor's Description of Software…3
Description of Vulnerability…4
Solution…5
Time Table…6
Credits…7
References…8
About Secunia…9
Verification…10

======================================================================
1) Affected Software

  • IBM Tivoli Storage Manager Express Client 5.3.6.2

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: System access
Where: Local network

======================================================================
3) Vendor's Description of Software

"IBM Tivoli Storage Manager family of offerings are designed to
provide centralized, automated data protection".

Product Link:
http://www-01.ibm.com/software/tivoli/products/storage-mgr/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in IBM Tivoli
Storage Manager Agent Client (dsmagent.exe), which can be exploited by
malicious people to compromise a vulnerable system.

1) A boundary error in a generic string handling function when parsing
strings from request packets can be exploited to cause stack-based
buffer overflow.

2) A boundary error when copying the NodeName from a request packet in
dicuGetIdentifyRequest can be exploited to cause a stack-based buffer
overflow.

Successful exploitation allows execution of arbitrary code.

======================================================================
5) Solution

Apply patches.

======================================================================
6) Time Table

13/11/2008 - Vendor notified.
18/11/2008 - Vendor response.
20/11/2008 - Vendor asks for additional information.
20/11/2008 - Clarification of the two problems provided to the vendor.
26/11/2008 - Vendor provides status update.
02/02/2009 - Vendor provides status update.
24/02/2009 - Vendor provides status update.
31/03/2009 - Status update requested.
31/03/2009 - Vendor provides status update.
04/05/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Dyon Balding, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-4828 for the vulnerabilities.

IBM (IC59513, IC59994, IC59779, IC59781):
http://www-01.ibm.com/support/docview.wss?uid=swg21384389

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-55/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

Related

checkpoint_advisories 1
d2 1
cve 1
saint 4
packetstorm 1
securityvulns 1
prion 1
checkpoint_advisories
checkpoint_advisories
IBM Tivoli Storage Manager Agent Client Generic String Handling Buffer Overflow (CVE-2008-4828)
2009-05-20 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TSMCAD2
2009-05-05 17:30:00
cve
cve
CVE-2008-4828
2009-05-05 17:30:00
saint
saint
Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow
2009-05-11 00:00:00
Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow
2009-05-11 00:00:00
Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow
2009-05-11 00:00:00
packetstorm
packetstorm
IBM Tivoli Storage Manager Express RCA Service Buffer Overflow
2009-12-31 00:00:00
securityvulns
securityvulns
IBM Tivoli Storage Manager Remote Agent buffer overflow
2009-05-04 00:00:00
prion
prion
Stack overflow
2009-05-05 17:30:00
JSON
Related for SECURITYVULNS:DOC:21770
checkpoint_advisories1d21cve1saint4packetstorm1securityvulns1prion1