Secunia Security Advisory - Some vulnerabilities have been reported in in IBM Tivoli Storage Manager (TSM), which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
b519b3723590fe81f042d9bd1ae748d8ca4f4df8e467963478df6f3d3b7ccdd0
----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
IBM Tivoli Storage Manager Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32604
VERIFY ADVISORY:
http://secunia.com/advisories/32604/
DESCRIPTION:
Some vulnerabilities have been reported in in IBM Tivoli Storage
Manager (TSM), which can be exploited by malicious people to bypass
certain security restrictions or compromise a vulnerable system.
1) A vulnerability is caused due to a boundary error in the IBM
Tivoli Storage Manager Agent Client (dsmagent.exe) in a generic
string handling function. This can be exploited to cause a
stack-based buffer overflow via a string longer than 1025 characters
contained in a specially crafted request packet.
2) A vulnerability is caused due to a boundary error in the IBM
Tivoli Storage Manager Agent Client (dsmagent.exe) when copying the
NodeName from a request packet. This can be exploited to cause a
stack-based buffer overflow via a string longer than 65 characters.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in Tivoli Storage Manager Express
Backup Client Version 5, Release 3, Level 6.2.
3) An unspecified error exists within the client WebGUI, which can be
exploited to cause a buffer overflow and may allow execution of
arbitrary code.
4) An unspecified error exists in the client Java GUI, which can be
exploited to gain unauthorised access and e.g. read, copy, alter, or
delete files on the client machine.
5) An unspecified error exists in the AIX and Windows clients using
the Secure Socket Layer (SSL), which can be exploited e.g. to read or
copy files from the client machine via a Man-in-the-Middle attack.
Please see the vendor's advisory for details on affected versions.
SOLUTION:
Update to the latest versions (please see the vendor's advisory for
details).
TSM 5.5 all platforms:
Update to version 5.5.2.
TSM 5.4 all platforms:
Update to version 5.4.2.7.
TSM 5.3 "special clients" supported in 5.4:
Update to version 5.3.6.6 (all 5.3 clients with support extensions).
TSM 5.2:
Update to 5.2.5.4 (AIX), 5.2.5.4 (Solaris SPARC), 5.2.5.4 (HP
PA-RISC), 5.2.5.4 (Windows x32), or 5.1.8.3 (Tru64 UNIX).
TSM Express:
Update to version 5.3.6.6.
TSM 5.5 SSL client update packages:
Update to 5.5.2.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Dyon Balding, Secunia Research
3 -5) Reported by the vendor.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-55/
IBM (IC59513, IC59994, IC59779, IC59781):
http://www-01.ibm.com/support/docview.wss?uid=swg21384389
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------