Vulnerability Note VU#887249
IBM Tivoli Storage Manager Server vulnerable to buffer overflow
A buffer overflow condition exists in the IBM Tivoli Storage Manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code.
The IBM Tivoli Storage Manager (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register and authenticate to servers before performing backup functions.
From TippingPoint Advisory TSRT-06-14:
An attacker may be able to craft a malformed sign-on request that triggers the overflow on the TSM Server.
Note that IBM has released the below information on their support site, which conflicts with other public reports:
A remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|IBM Corporation|Affected|05 Dec 2006|05 Feb 2007|
This report was based on information from TippingPoint Advisory TSRT-06-14.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-5855
- Date Public: 04 Dec 2006
- Date First Published: 05 Feb 2007
- Date Last Updated: 09 Feb 2007
- Severity Metric: 0.36
- Document Revision: 30