SecurityTracker.com
Category: Application (Generic) > Storage Manager
Vendors: IBM

IBM Tivoli Storage Manager Bugs Let Remote Users Execute Arbitrary Code and Access Client Data

SecurityTracker Alert ID: 1018725
SecurityTracker URL: http://securitytracker.com/id/1018725
CVE Reference: CVE-2007-4880
Updated: Sep 26 2007
Original Entry Date: Sep 21 2007
Impact: Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.1, 5.2, 5.3, 5.4
Description: Two vulnerabilities were reported in the IBM Tivoli Storage Manager. A remote user can execute arbitrary code on the target system. A remote user can access client data.

A remote user can send specially crafted data to trigger a buffer overflow in the Client Acceptor Daemon and execute arbitrary code on the target system. The code will run with the privileges of the target service.

A remote user can exploit a server-initiated prompted scheduling function to gain access to the target client's data.

The Web Client GUI, CAD-managed scheduling, and server-initiated prompted scheduling functions are affected.

The following versions are affected:

* Version 5, Release 4, Levels 0.0 - 1.1
* Version 5, Release 3, Levels 0.0 - 5.2
* Version 5, Release 2, Levels 0.0 - 5.1
* Version 5, Release 1, Levels 0.0 - 8.0

The vendor was notified of the CAD service buffer overflow on May 22, 2007.

Sebastian Apelt reported the buffer overflow vulnerability via TippingPoint and an IBM customer reported the client data access vulnerability.

Impact: A remote user can execute arbitrary code on the target system.

A remote user can gain access to client data.

Solution: The vendor has issued a fix (APARs IC52905 and IC53616).

The following fixed versions are available.

5.4.1.2 (UK27738 and UK27739):

http://www.ibm.com/support/docview.wss?uid=swg24016585

5.3.5.3 (UK29248 and UK29249):

http://www.ibm.com/support/docview.wss?uid=swg24016838

5.2.5.2 and 5.1.8.1:

http://www.ibm.com/support/docview.wss?uid=swg24016985
http://www.ibm.com/support/docview.wss?uid=swg24016586

Express clients:

http://www.ibm.com/support/docview.wss?uid=swg24016991

The IBM advisory is available at:

http://www-1.ibm.com/support/docview.wss?uid=swg21268775

Vendor URL: www-1.ibm.com/support/docview.wss?uid=swg21268775
Cause: Access control error, Boundary error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS

Message History: None.


Source Message Contents

Date: Thu, 20 Sep 2007 21:54:12 -0400
Subject: Two security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) client


http://www-1.ibm.com/support/docview.wss?uid=swg21268775
Copyright 2014, SecurityGlobal.net LLC