iXsecurity Security Vulnerability Report
No: iXsecurity.20020327.tivoli_tsm_dsmcad.a
===========================================

Vulnerability Summary
---------------------

Problem:            The Tivoli Storage Manager webserver, running on port 1581, has a buffer overflow condition.
Threat:             An attacker could make the webserver crash and possibly execute arbitrary code.
Affected Software:  Tivoli Storage Manager version 4.2.x.x.
Platform:           Windows NT4/2000.

Vulnerability Description
-------------------------

A request for the URL A.AAAAA....approximately_1292_more_A's to the webserver running on port 1581 (TSM Client Acceptor) will result in a crash, overwriting EIP. The buffer overwriting EIP is in a wide-string format, making it a little more difficult, although not impossible, to exploit.

Solution
--------

See APAR IC33211.
Apply patch V4.2.1.32, currently available at
http://www.tivoli.com/support/storage_mgr/clients.html

For additional information or assistance please contact your IBM Service Representative at 1-800-IBM-SERV.

Additional Information
----------------------

Tivoli was contacted 20020327.

This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@ixsecurity.com
jonas.landin@ixsecurity.com

This document is also available at:
http://www.cqure.net/advisories/
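As an added detection-side example (not part of the iXsecurity advisory, and not Tivoli code), the following script scans request log lines for the pattern the advisory describes: an abnormally long, highly repetitive request path sent to the TSM Client Acceptor port 1581. The log line format, the source addresses, the 512-character cut-off and all sample lines are constructed assumptions for this example; the advisory itself only states that the crash input is roughly 1300 characters long.

```python
"""
Added example: flag over-long or single-character-repeated request paths
aimed at the TSM Client Acceptor (port 1581). Everything here (log format,
threshold, sample data) is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Assumed log line shape (constructed): "<date> <time> <src_ip> <dst_port> <method> <path> <version>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<dport>\d+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<ver>HTTP/\d\.\d)$"
)

TSM_CAD_PORT = 1581  # port named in the advisory
# Assumed heuristic cut-off: the advisory's crash input is ~1300 characters,
# while a legitimate TSM web client path is far shorter.
MAX_PATH_LEN = 512


@dataclass
class Finding:
    ts: str
    src: str
    path_len: int
    reason: str


def parse_line(line):
    """Parse one constructed-format log line; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def check_request(rec, max_path_len=MAX_PATH_LEN):
    """Return a Finding if this record looks like an oversized request to the TSM CAD port."""
    if rec["dport"] != TSM_CAD_PORT:
        return None
    path = rec["path"]
    plen = len(path)
    if plen > max_path_len:
        return Finding(rec["ts"], rec["src"], plen, f"path length {plen} > {max_path_len}")
    # Weaker secondary signal: a path made almost entirely of one repeated byte.
    dominant = max(path.count(c) for c in set(path))
    if plen >= 64 and dominant / plen > 0.9:
        return Finding(rec["ts"], rec["src"], plen, "path is >90% one repeated character")
    return None


def scan(lines, max_path_len=MAX_PATH_LEN):
    """Run check_request over every parsable line and collect the findings in order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable lines are skipped, not treated as findings
        hit = check_request(rec, max_path_len)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample log: two normal requests, one oversized path, one
# repetitive-but-short path, one oversized path to a different port, one junk line.
SAMPLE_LOG = [
    "2002-03-27 10:00:01 10.0.0.5 1581 GET /BACLIENT/index.html HTTP/1.0",
    "2002-03-27 10:00:02 10.0.0.5 1581 GET /BACLIENT/dsmcad.htm HTTP/1.0",
    "2002-03-27 10:00:09 10.0.0.77 1581 GET /" + "A" * 1300 + " HTTP/1.0",
    "2002-03-27 10:00:10 10.0.0.77 1581 GET /" + "B" * 100 + " HTTP/1.0",
    "2002-03-27 10:00:11 10.0.0.77 80 GET /" + "A" * 1300 + " HTTP/1.0",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} len={f.path_len}: {f.reason}")
```

Running the script reports the third and fourth sample lines only: the request to port 80 is ignored because the rule is scoped to the port the advisory names, and the unparsable line is skipped rather than counted. The threshold and the repeated-character ratio are deliberately conservative so that ordinary TSM web client paths do not fire.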