[25038] in bugtraq
iXsecurity.20020328.tivoli_tsm_dsmsvc.a
daemon@ATHENA.MIT.EDU (Patrik Karlsson)
Thu Apr 11 20:09:50 2002
Message-ID: <1427.213.67.251.53.1018562720.squirrel@mail.cqure.net>
Date: Thu, 11 Apr 2002 21:05:20 -0100 (GMT+1)
From: "Patrik Karlsson" <patrik@cqure.net>
To: <bugtraq@securityfocus.com>
Reply-To: patrik@cqure.net
iXsecurity Security Vulnerability Report
No: iXsecurity.20020328.tivoli_tsm_dsmsvc.a
===========================================
Vulnerability Summary
---------------------
Problem: The Tivoli Storage Manager webserver, running
on port 1580, has a buffer overflow condition.
Threat: An attacker could cause the service to crash,
and execute arbitrary code.
Affected Software: The exposure exists in versions 4.2.x.x.
Platform: Windows NT4/2000.
Vulnerability Description
-------------------------
The webserver bound to port 1580 (dsmsvc.exe) has a buffer overflow condition.
If an attacker logs in through the login form with a username of
approx. 1976 characters, the attacker overwrites EIP. This leads to
the service crashing, and to the possibility of arbitrary code execution.
Solution
--------
See APAR IC33212
Apply Patch V4.2.1.15 currently available at
http://www.tivoli.com/support/storage_mgr/servers.html
For additional information or assistance please contact your
IBM Service Representative at 1-800-IBM-SERV
Additional Information
----------------------
Tivoli was contacted 20020328.
This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@ixsecurity.com
jonas.landin@ixsecurity.com
This document is also available at: http://www.cqure.net/advisories/
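
Added example, not part of the advisory and not Tivoli code: a C sketch of how a web login handler can extract a form field into a fixed-size buffer so that an oversized username is rejected rather than copied past the destination. The field names `user` and `pass`, the `USERNAME_MAX` limit and the function names are assumptions; the advisory does not describe the request format or the code inside dsmsvc.exe.

```c
#include <ctype.h>
#include <string.h>

#define USERNAME_MAX 64 /* assumed policy limit, not a value from the advisory */

enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2, FIELD_BAD_ENCODING = -3 };

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Copy the URL-decoded value of form field `name` from `body` into out[outsz].
 * Every write is bounds-checked against outsz, so an oversized value is
 * rejected instead of being copied past the end of the destination. */
int get_form_field(const char *body, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name), n = 0;
    const char *p = body;

    if (outsz == 0) return FIELD_TOO_LONG;
    out[0] = '\0';
    while (strncmp(p, name, nlen) != 0 || p[nlen] != '=') {
        p = strchr(p, '&');            /* move to the next key=value pair */
        if (p == NULL) return FIELD_MISSING;
        p++;
    }
    for (p += nlen + 1; *p != '\0' && *p != '&'; p++) {
        int c = (unsigned char)*p;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {         /* decode %XX without reading past the NUL */
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) { out[0] = '\0'; return FIELD_BAD_ENCODING; }
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == '\0') { out[0] = '\0'; return FIELD_BAD_ENCODING; }
        if (n + 1 >= outsz) { out[0] = '\0'; return FIELD_TOO_LONG; }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return FIELD_OK;
}
```

The length check is applied to the decoded value, so percent-encoding cannot be used to slip a longer string past the limit, and the output is cleared on every error path so a caller that ignores the return code never sees a partial username.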