iXsecurity Security Vulnerability Report
No: iXsecurity.20020328.tivoli_tsm_dsmsvc.a
===========================================
Vulnerability Summary
---------------------
Problem: The Tivoli Storage Manager webserver, running
on port 1580, has a buffer overflow condition.
Threat: An attacker could cause the service to crash,
and execute arbitrary code.
Affected Software: The exposure exists in versions 4.2.x.x.
Platform: Windows NT4/2000.
Vulnerability Description
-------------------------
The webserver bound to 1580 (dsmsvc.exe) has a buffer overflow condition.
If an attacker would login, using the login form, with a username of
approx. 1976 characters long, he would overwrite EIP. This would lead to
the service crashing, and the possibility of arbitrary code execution.
Solution
--------
See APAR IC33212
Apply Patch V4.2.1.15 currently available at
http://www.tivoli.com/support/storage_mgr/servers.html
For additional information or assistance please contact your
IBM Service Representative at 1-800-IBM-SERV
Additional Information
----------------------
Tivoli was contacted 20020328.
This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@ixsecurity.com
jonas.landin@ixsecurity.com
This document is also available at: http://www.cqure.net/advisories/
