TUCoPS :: Web :: General :: web5258.htm

Tivoli Storage Manager webserver buffer overflow (client & server)
15th Apr 2002 [SBWID-5258]
COMMAND

	Tivoli Storage Manager webserver buffer overflow (client & server)

SYSTEMS AFFECTED

	Tivoli Storage Manager version 4.2.x.x.

PROBLEM

	Patrik     Karlsson     &     Jonas     Ländin     of     iXsecurity
	[http://www.ixsecurity.com] reported :
	

	 Client side

	 ===========

	

	A request for the  URL  A.AAAAA....approximately_1292_more_A\'s  to  the
	webserver running on port 1581 (TSM Client Acceptor) will  result  in  a
	crash, overwriting EIP. The buffer overwriting EIP is  in  a  widestring
	format, making it a little more difficult, although not  impossible,  to
	exploit.
	

	-Also-
	

	 Server side

	 ===========

	

	The  webserver  bound  to  1580  (dsmsvc.exe)  has  a  buffer   overflow
	condition. If an attacker would login, using  the  login  form,  with  a
	username of approx. 1976 characters long, he would overwrite  EIP.  This
	would lead to the service crashing, and  the  possibility  of  arbitrary
	code execution.

SOLUTION

	Apply Patches V4.2.1.32 from :
	

	http://www.tivoli.com/support/storage_mgr/clients.html

	

	

	and patch V4.2.1.15 from :
	

	http://www.tivoli.com/support/storage_mgr/servers.html

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH