lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 10 Mar 2009 15:42:05 -0400 (EDT)
From: VR-Subscription-noreply@...urent.com
To: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
Subject: Assurent VR - IBM Tivoli Storage Manager Express
	Backup Server Heap	Corruption

IBM Tivoli Storage Manager Express Backup Heap Corruption

Assurent ID: FSC20090310-02

1. Affected Software

  IBM Tivoli Storage Manager 5.4.4.0 to 5.4.4.0
  IBM Tivoli Storage Manager 5.3 all levels
  IBM Tivoli Storage Manager 5.2 all levels
  IBM Tivoli Storage Manager Express all levels

Reference: http://www-01.ibm.com/software/tivoli/products/storage-mgr/

2. Vulnerability Summary

A remotely exploitable vulnerability has been discovered in the backup service of IBM Tivoli Storage Manager server. Specifically, the vulnerability is due to improper memory handling when processing incoming client requests and can lead to heap corruption. This vulnerability can allow attackers to inject and execute arbitrary code on the target host with System or root privileges.

3. Vulnerability Analysis

A remote unauthenticated attacker can exploit the vulnerability by sending a malicious request to the target system. A successful attack will result in arbitrary code executed on the target host with System or root privileges. An unsuccessful attack can create a Denial of Service (DoS) condition for the IBM Tivoli Storage Manager backup service.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

  IBM Tivoli Storage Manager Express 5.3.7.3

5. Workaround

Apply the vendor patch, or limit access to the affected communication port for trusted hosts and networks only.

6. Vendor Response

IBM has released a bulletin addressing this vulnerability. 

Reference: http://www-01.ibm.com/support/docview.wss?rs=3039&context=SSRQGY&dc=D600&uid=swg21377388&loc=en_US&cs=utf-8&lang=en

7. Disclosure Timeline

  2008-10-16 Reported to vendor
  2008-10-29 Initial vendor response
  2009-03-10 Vendor disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE:
  Vendor: 1377388

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers. 

http://www.assurent.com/index.php?id=17

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ