Ibm Tivoli Storage Manager Multiple Vulnerabilities

[Peaches]

IBM Tivoli Storage Manager Multiple Vulnerabilities

MODERATELY CRITICAL

"Some vulnerabilities have been reported in in IBM Tivoli Storage Manager (TSM), which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.

1) A vulnerability is caused due to a boundary error in the IBM Tivoli Storage Manager Agent Client (dsmagent.exe) in a generic string handling function. This can be exploited to cause a stack-based buffer overflow via a string longer than 1025 characters contained in a specially crafted request packet.

2) A vulnerability is caused due to a boundary error in the IBM Tivoli Storage Manager Agent Client (dsmagent.exe) when copying the NodeName from a request packet. This can be exploited to cause a stack-based buffer overflow via a string longer than 65 characters.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are confirmed in Tivoli Storage Manager Express Backup Client Version 5, Release 3, Level 6.2.

3) An unspecified error exists within the client WebGUI, which can be exploited to cause a buffer overflow and may allow execution of arbitrary code.

4) An unspecified error exists in the client Java GUI, which can be exploited to gain unauthorised access and e.g. read, copy, alter, or delete files on the client machine.

5) An unspecified error exists in the AIX and Windows clients using the Secure Socket Layer (SSL), which can be exploited e.g. to read or copy files from the client machine via a Man-in-the-Middle attack.

Please see the vendor's advisory for details on affected versions."

Secunia advisories - http://secunia.com/advisories/32604/

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>