Vulnerability Note VU#350625
IBM Tivoli Storage Manager SmExecuteWdsfSession( ) function vulnerable to buffer overflow
A buffer overflow condition exists in certain login fields on the IBM Tivoli Storage manager server. If successfully exploited, this vulnerability would allow an attacker to
cause a denial-of-service condition or possibly execute arbitrary code
The IBM Tivoli Storage Manager (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register and authenticate to servers before performing backup functions. The SmExecuteWdsfSession() function is used during the initial part of the authentication process.
From a public vulnerability report, a buffer overflow vulnerability exists in this function. The overflow can be triggered during the processing of two separate fields sent in the request, both of which are copied into fixed sized buffers, without any validation of their lengths.
Note that IBM has released the below information on their support site, which conflicts with the original public report:
A remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM Corporation||Affected||-||08 Dec 2006|
CVSS Metrics (Learn More)
This report was based on information from Tipping Point Advisory TSRT-06-14.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-5855
- Date Public: 04 Dec 2006
- Date First Published: 05 Feb 2007
- Date Last Updated: 09 Feb 2007
- Severity Metric: 0.14
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.