CERTVU:478753IBM Tivoli Storage Manager vulnerable to a buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.5%
Overview
A buffer overflow condition exists in the IBM Tivoli Storage manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code.
Description
The IBM Tivoli Storage Manager (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register with servers before performing backup functions. TSM servers can be configured to allow closed or open registration. Per the Tivoli User Guide, in open registration, when a user accesses a server from an unregistered client, the server prompts the user for a node name, password, and contact information before registering the workstation.
A buffer overflow vulnerability exists in the way the TSM server performs this open registration message proccessing. An attacker may be able to send a specially crafted registration message to a vulnerable TSM server that triggers the overflow.
Note that IBM has released the below information on their support site, which conflicts with the original public report:
This problem relates to an internal buffer overflow in TSM but IBM does not believe it is possible to exploit this buffer overflow for remote code execution, however, this exposure can be used to crash the TSM server.
Impact
A remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server.
Solution
Update
The update provided by IBM may address this issue.
Restrict access
Restricting access to port 1500/tcp at the network perimeter may mitigate the effects of this vulnerability. Note that an administrator can change the port that the TSM servers use with the port_address parameter.
Vendor Information
478753
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
IBM Corporation Affected
Updated: December 08, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://secunia.com/advisories/23177/>
- <http://www-1.ibm.com/support/docview.wss?uid=swg21250261>
- <http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>
- <http://www-306.ibm.com/software/tivoli/products/storage-mgr/>
- <http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmhpn.doc/update/anrhrf53389.htm#setregs>
- <http://www.securityfocus.com/bid/21440>
Acknowledgements
This report was based on information from Tipping Point Advisory TSRT-06-14.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-5855 |
|---|---|
| Severity Metric: | 0.50 Date Public: |
References
publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmhpn.doc/update/anrhrf53389.htm#setregs
secunia.com/advisories/23177/
www-1.ibm.com/support/docview.wss?uid=swg21250261
www-306.ibm.com/software/tivoli/products/storage-mgr/
www.securityfocus.com/bid/21440
www.tippingpoint.com/security/advisories/TSRT-06-14.html
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.5%