CERT-MU :Vulnerability

Home | FAQ | Site Map | Contact Us

Hotline : 800 2378

To contact CERT-MU send e-mail on - info[at]cert-mu.gov.mu

To report incident e-mail on - incident[at]cert-mu.gov.mu

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2009-13

IBM Tivoli Storage Manager Remote Agent Service Buffer Overflow Vulnerabilities

Original Issue Date: May 11, 2009

Severity Rating: High

Systems Affected

IBM Tivoli Storage Manager Express 5.3
IBM Tivoli Storage Manager Express 5.3.3.0
IBM Tivoli Storage Manager Express 5.3.6.4
IBM Tivoli Storage Manager Client 5.2
IBM Tivoli Storage Manager Client 5.2.5.1
IBM Tivoli Storage Manager Client 5.2.5.2
IBM Tivoli Storage Manager Client 5.2.5.3
IBM Tivoli Storage Manager Client 5.3
IBM Tivoli Storage Manager Client 5.3.5.2
IBM Tivoli Storage Manager Client 5.3.5.3
IBM Tivoli Storage Manager Client 5.3.6.3
IBM Tivoli Storage Manager Client 5.3.6.4
IBM Tivoli Storage Manager Client 5.4
IBM Tivoli Storage Manager Client 5.4.1.1
IBM Tivoli Storage Manager Client 5.4.1.2
IBM Tivoli Storage Manager Client 5.4.1.96

Overview

Multiple vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) client, which could be exploited by remote attackers to bypass security restrictions and compromise a vulnerable system to cause unauthorized disclosure of information, modification of information and disruption of service.

Description

Multiple stack-based buffer overflow vulnerabilities exist in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4. The exploitation of these vulnerabilities allow remote attackers to execute arbitrary code via a request packet that is not properly parsed by an unspecified "generic string handling function" or a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the Web GUI and Java GUI.

Solution

The vendor has issued fixes to address problems described by APARs IC59513, IC59994, IC59779, and IC59781 in the advisory available at

http://www-01.ibm.com/support/docview.wss?uid=swg21384389

CVE Name

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4828

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

IBM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC59513
http://www-01.ibm.com/support/docview.wss?uid=swg21384389

References

Secunia
http://secunia.com/advisories/cve_reference/CVE-2008-4828/
http://secunia.com/secunia_research/2008-55/

Security Focus
http://www.securityfocus.com/archive/1/archive/1/503182/100/0/threaded

VUPEN Security
http://www.vupen.com/english/advisories/2009/1235