Buffer overflow : IBM TSM Client Remote Heap BOF Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900169

Kategorie: Buffer overflow

Titel: IBM TSM Client Remote Heap BOF Vulnerability

Zusammenfassung: This host is installed with IBM TSM Client and is prone to heap; based buffer overflow vulnerability.

Beschreibung: Summary:
This host is installed with IBM TSM Client and is prone to heap
based buffer overflow vulnerability.

Vulnerability Insight:
Vulnerability exists due to an input validation error in TSM Backup-Archive
client, which affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler
service when the option 'SCHEDMODE' is set to 'PROMPTED'.

Vulnerability Impact:
Successful exploitation could allow execution of arbitrary code or cause
denial of service.

Affected Software/OS:
- IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.7

- IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2

- IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1

- IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2

- IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1

- IBM Tivoli Storage Manager (TSM) Express all levels

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 31988
Common Vulnerability Exposure (CVE) ID: CVE-2008-4801
AIX APAR: IC56773
http://www-1.ibm.com/support/docview.wss?uid=swg1IC56773
http://www.securityfocus.com/bid/31988
Bugtraq: 20081030 ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/497950/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-071/
http://www.securitytracker.com/id?1021122
http://secunia.com/advisories/32465
http://www.vupen.com/english/advisories/2008/2969
XForce ISS Database: ibm-tsm-backuparchiveclient-bo(46208)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46208

Copyright Copyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900169
Kategorie:	Buffer overflow
Titel:	IBM TSM Client Remote Heap BOF Vulnerability
Zusammenfassung:	This host is installed with IBM TSM Client and is prone to heap; based buffer overflow vulnerability.
Beschreibung:	Summary: This host is installed with IBM TSM Client and is prone to heap based buffer overflow vulnerability. Vulnerability Insight: Vulnerability exists due to an input validation error in TSM Backup-Archive client, which affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler service when the option 'SCHEDMODE' is set to 'PROMPTED'. Vulnerability Impact: Successful exploitation could allow execution of arbitrary code or cause denial of service. Affected Software/OS: - IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.7 - IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2 - IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1 - IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2 - IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1 - IBM Tivoli Storage Manager (TSM) Express all levels Solution: Apply the patch from the referenced advisory. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 31988 Common Vulnerability Exposure (CVE) ID: CVE-2008-4801 AIX APAR: IC56773 http://www-1.ibm.com/support/docview.wss?uid=swg1IC56773 http://www.securityfocus.com/bid/31988 Bugtraq: 20081030 ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/497950/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-071/ http://www.securitytracker.com/id?1021122 http://secunia.com/advisories/32465 http://www.vupen.com/english/advisories/2008/2969 XForce ISS Database: ibm-tsm-backuparchiveclient-bo(46208) https://exchange.xforce.ibmcloud.com/vulnerabilities/46208
Copyright	Copyright (C) 2008 Greenbone Networks GmbH