[25030] in bugtraq


iXsecurity.20020327.tivoli_tsm_dsmcad.a

daemon@ATHENA.MIT.EDU (Patrik Karlsson)
Thu Apr 11 15:44:20 2002

Message-ID: <1386.193.15.191.49.1018543733.squirrel@mail.cqure.net>
Date: Thu, 11 Apr 2002 15:48:53 -0100 (GMT+1)
From: "Patrik Karlsson" <patrik@cqure.net>
To: <bugtraq@securityfocus.com>
Reply-To: patrik@cqure.net
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

iXsecurity Security Vulnerability Report
No: iXsecurity.20020327.tivoli_tsm_dsmcad.a
===========================================

Vulnerability Summary
---------------------
Problem:                The Tivoli Storage Manager webserver, running
                        on port 1581, has a buffer overflow condition.

Threat:                 An attacker could make the webserver crash and
                        possibly execute arbitrary code.

Affected Software:      Tivoli Storage Manager version 4.2.x.x.

Platform:               Windows NT4/2000.


Vulnerability Description
-------------------------
A request for the URL A.AAAAA....approximately_1292_more_A's to the
webserver running on port 1581 (TSM Client Acceptor) will result in a
crash, overwriting EIP. The buffer overwriting EIP is in a widestring
format, making it a little more difficult, although not impossible,
to exploit.

Solution
--------
See APAR IC33211
Apply Patch V4.2.1.32 currently available at
http://www.tivoli.com/support/storage_mgr/clients.html
For additional information or assistance please contact your
IBM Service Representative at 1-800-IBM-SERV

Additional Information
----------------------
Tivoli was contacted 20020327.

This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@ixsecurity.com
jonas.landin@ixsecurity.com

This document is also available at: http://www.cqure.net/advisories/
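
Added example, not part of the original advisory and not Tivoli's code: a bounds-checked narrow-to-wide conversion of a request path, showing the "widestring" form the description mentions and the length check that rejects an over-long URL instead of copying it. The names widen_url and handle_path and the 260-unit buffer size are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical capacity, in 16-bit units, of the buffer that holds the
 * widened URL. The advisory does not give the real size. */
#define URL_WIDE_UNITS 260

/* Widen an 8-bit request path into 16-bit units (the "widestring" form the
 * advisory mentions). Returns the number of units written, excluding the
 * terminator, or -1 if the input does not fit. On -1 nothing is written. */
int widen_url(const char *src, uint16_t *dst, size_t dst_units)
{
    size_t n;
    if (src == NULL || dst == NULL || dst_units == 0)
        return -1;
    n = strlen(src);
    /* Capacity is counted in units, not bytes, and one unit is reserved
     * for the terminator. Mixing the two up defeats the check. */
    if (n >= dst_units)
        return -1;
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint16_t)(unsigned char)src[i];  /* 'A' 0x41 -> 0x0041 */
    dst[n] = 0;
    return (int)n;
}

/* Constructed sample: request handling that rejects the over-long path
 * instead of copying it. Returns an HTTP status code. */
int handle_path(const char *path)
{
    uint16_t wide[URL_WIDE_UNITS];
    if (widen_url(path, wide, URL_WIDE_UNITS) < 0)
        return 414; /* URI Too Long */
    return 200;
}

int main(void)
{
    char longpath[1300];
    memset(longpath, 'A', sizeof longpath - 1);
    longpath[1] = '.';                  /* A.AAAA... as in the advisory */
    longpath[sizeof longpath - 1] = '\0';
    printf("short: %d\n", handle_path("/index.html"));
    printf("long:  %d\n", handle_path(longpath));
    return 0;
}
```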


