This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart.
3d12be67beff922e63d2ba3c7af87796dc724d566da3472bbc068cb1c51b523b
Secunia Research has discovered two vulnerabilities in IBM Tivoli Storage Manager Agent Client (dsmagent.exe), which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. IBM Tivoli Storage Manager Express Client version 5.3.6.2 is affected.
d1fd439a13669849768376606848a17212e6db600a796c6645664f2f34a6293b