IBM Tivoli Storage Manager Multiple Remote Overflows
2007-07-03T00:00:00
ID IBM_TSM_MULTIPLE.NASL Type nessus Reporter Tenable Modified 2018-07-12T00:00:00
Description
The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(25662);
script_version("1.15");
script_cvs_date("Date: 2018/07/12 19:01:15");
script_cve_id("CVE-2006-5855");
script_bugtraq_id(21440);
script_name(english:"IBM Tivoli Storage Manager Multiple Remote Overflows");
script_summary(english:"Test the IBM TSM buffer overflows.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running an application that is affected by multiple
remote overflow vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of IBM Tivoli Storage Manager
that is vulnerable to multiple buffer overflows. Using specially a
crafted packet, an attacker could exploit these flaws to execute
arbitrary code on the host or to disable this service.");
script_set_attribute(attribute:"see_also", value:"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14");
script_set_attribute(attribute:"solution", value:
"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to
Tivoli Storage Manager Express 5.3.7.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/04");
script_set_attribute(attribute:"patch_publication_date", value:"2006/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gain a shell remotely");
script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
script_dependencies("ibm_tsm_detect.nasl");
script_require_keys("installed_sw/IBM Tivoli Storage Manager");
script_require_ports("Services/tsm-agent");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("install_func.inc");
port = get_service(svc:"tsm-agent",exit_on_fail:TRUE);
prod = "IBM Tivoli Storage Manager";
get_install_count(app_name:prod, exit_if_zero:TRUE);
install = get_single_install(app_name:prod, port:port);
# Install data
version = install["version"];
# Report info
fix = "5.2.9 / 5.3.4";
if(install["Express"]) {
prod += " Express";
fix = "5.3.7.1";
}
if(
(ver_compare(ver:version,fix:"5.2.9",strict:FALSE) < 0) ||
(version =~ "^5\.3\." && ver_compare(ver:version,fix:"5.3.4",strict:FALSE) < 0) ||
(install["Express"] && ver_compare(ver:version,fix:"5.3.7.1",strict:FALSE) < 0)
)
{
if(report_verbosity > 0)
{
report =
'\n Product : ' + prod +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_hole(port:port,extra:report);
} else security_hole(port);
} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);
{"id": "IBM_TSM_MULTIPLE.NASL", "bulletinFamily": "scanner", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "published": "2007-07-03T00:00:00", "modified": "2018-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "reporter": "Tenable", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "cvelist": ["CVE-2006-5855"], "type": "nessus", "lastseen": "2019-02-21T01:09:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5013835aa3c7f3c4712631db234a57db2282ef5c4c028dd32a94a5e29d9c513f", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "e08056d7c2d1840f99c39098ef7e16e9", "key": "description"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c1641de59ddded98fe0684f8d57ab71b", "key": "sourceData"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026", "key": "cpe"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2018-08-30T19:56:47", "modified": "2018-07-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:56:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5fc1c90e23df0e2efe9bd2393b138003ac53f4159b70fa8cde8031ef741a1f55", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "e08056d7c2d1840f99c39098ef7e16e9", "key": "description"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "503784f73b99dacc555fc179e5d44496", "key": "modified"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "815eb5258a1d443451b4abe89b65099c", "key": "sourceData"}, {"hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026", "key": "cpe"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2017-10-29T13:45:05", "modified": "2014-08-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2014/08/12 14:36:12 $\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n script_osvdb_id(31764, 31765, 31766);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:45:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:07:23", "references": [{"idList": ["OSVDB:31766", "OSVDB:31764", "OSVDB:31765"], "type": "osvdb"}, {"idList": ["CVE-2006-5855"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:15311"], "type": "securityvulns"}, {"idList": ["VU:350625", "VU:887249", "VU:478753"], "type": "cert"}, {"idList": ["D2SEC_TSM"], "type": "d2"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "c5ae56ee86a2f271593617ff7aea14b140ae5992b9929ffdd39b8b5c8d2259f9", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c1641de59ddded98fe0684f8d57ab71b", "key": "sourceData"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "d7c4860bebacfcf9d8801d2ef69927c7", "key": "description"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026", "key": "cpe"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2019-01-16T20:07:23", "modified": "2018-07-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:07:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c53f6943e9285364c6f0e78d3043edcd58c3ae299f3852095491fe18b8451f39", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "e08056d7c2d1840f99c39098ef7e16e9", "key": "description"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c1641de59ddded98fe0684f8d57ab71b", "key": "sourceData"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026", "key": "cpe"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2018-09-02T00:08:13", "modified": "2018-07-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-02T00:08:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c53f6943e9285364c6f0e78d3043edcd58c3ae299f3852095491fe18b8451f39", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "e08056d7c2d1840f99c39098ef7e16e9", "key": "description"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c1641de59ddded98fe0684f8d57ab71b", "key": "sourceData"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026", "key": "cpe"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2018-07-13T10:23:28", "modified": "2018-07-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-13T10:23:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2006-5855"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is running a version of IBM Tivoli Storage Manager that is vulnerable to multiple buffer overflows. Using specially a crafted packet, an attacker could exploit these flaws to execute arbitrary code on the host or to disable this service.", "edition": 1, "enchantments": {}, "hash": "be8f009327aec3754b78aed1523127b8affe5865359d33a0665e34cfcc683f68", "hashmap": [{"hash": "b4ba25499a84346b613a83163f1330dc", "key": "title"}, {"hash": "e08056d7c2d1840f99c39098ef7e16e9", "key": "description"}, {"hash": "fd24d7816718d90579e01e7c7caf2c35", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5de2a609f24dd206f3a9cfe3378fb4e0", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "503784f73b99dacc555fc179e5d44496", "key": "modified"}, {"hash": "cca4a8cb518c12f091d09374ed5dd3c8", "key": "href"}, {"hash": "3aeaba32235f7b2b9efa265f5da5ef6c", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "815eb5258a1d443451b4abe89b65099c", "key": "sourceData"}, {"hash": "6a1222b3bad8a441bcf859fa414ad792", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25662", "id": "IBM_TSM_MULTIPLE.NASL", "lastseen": "2016-09-26T17:26:31", "modified": "2014-08-12T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.2", "pluginID": "25662", "published": "2007-07-03T00:00:00", "references": ["http://dvlabs.tippingpoint.com/advisory/TPTI-06-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2014/08/12 14:36:12 $\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n script_osvdb_id(31764, 31765, 31766);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "title": "IBM Tivoli Storage Manager Multiple Remote Overflows", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:31"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1ecd5af84fda5a1bd8c5d8f1cc6e5026"}, {"key": "cvelist", "hash": "fd24d7816718d90579e01e7c7caf2c35"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "e08056d7c2d1840f99c39098ef7e16e9"}, {"key": "href", "hash": "cca4a8cb518c12f091d09374ed5dd3c8"}, {"key": "modified", "hash": "f5e850f1985da305c7f9475708cd4d52"}, {"key": "naslFamily", "hash": "55e5f61d4983f1c14216d056f7a03453"}, {"key": "pluginID", "hash": "5de2a609f24dd206f3a9cfe3378fb4e0"}, {"key": "published", "hash": "3aeaba32235f7b2b9efa265f5da5ef6c"}, {"key": "references", "hash": "6a1222b3bad8a441bcf859fa414ad792"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "c1641de59ddded98fe0684f8d57ab71b"}, {"key": "title", "hash": "b4ba25499a84346b613a83163f1330dc"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c53f6943e9285364c6f0e78d3043edcd58c3ae299f3852095491fe18b8451f39", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5855"]}, {"type": "cert", "idList": ["VU:887249", "VU:478753", "VU:350625"]}, {"type": "osvdb", "idList": ["OSVDB:31766", "OSVDB:31765", "OSVDB:31764"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15311"]}, {"type": "d2", "idList": ["D2SEC_TSM"]}], "modified": "2019-02-21T01:09:58"}, "score": {"value": 9.1, "vector": "NONE", "modified": "2019-02-21T01:09:58"}, "vulnersScore": 9.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25662);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n script_cve_id(\"CVE-2006-5855\");\n script_bugtraq_id(21440);\n\n script_name(english:\"IBM Tivoli Storage Manager Multiple Remote Overflows\");\n script_summary(english:\"Test the IBM TSM buffer overflows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nremote overflow vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM Tivoli Storage Manager\nthat is vulnerable to multiple buffer overflows. Using specially a\ncrafted packet, an attacker could exploit these flaws to execute\narbitrary code on the host or to disable this service.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://dvlabs.tippingpoint.com/advisory/TPTI-06-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tivoli Storage Manager 5.2.9 / 5.3.4 or later. Upgrade to\nTivoli Storage Manager Express 5.3.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_detect.nasl\");\n script_require_keys(\"installed_sw/IBM Tivoli Storage Manager\");\n script_require_ports(\"Services/tsm-agent\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nport = get_service(svc:\"tsm-agent\",exit_on_fail:TRUE);\nprod = \"IBM Tivoli Storage Manager\";\nget_install_count(app_name:prod, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:prod, port:port);\n\n# Install data\nversion = install[\"version\"];\n\n# Report info\nfix = \"5.2.9 / 5.3.4\";\nif(install[\"Express\"]) {\n\tprod += \" Express\";\n\tfix = \"5.3.7.1\";\n}\n\nif(\n\t(ver_compare(ver:version,fix:\"5.2.9\",strict:FALSE) < 0) ||\n\t(version =~ \"^5\\.3\\.\" && ver_compare(ver:version,fix:\"5.3.4\",strict:FALSE) < 0) ||\n\t(install[\"Express\"] && ver_compare(ver:version,fix:\"5.3.7.1\",strict:FALSE) < 0)\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n } else security_hole(port);\n} else audit(AUDIT_LISTEN_NOT_VULN, prod, port);\n", "naslFamily": "Gain a shell remotely", "pluginID": "25662", "cpe": ["cpe:/a:ibm:tivoli_storage_manager"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.", "modified": "2018-10-17T21:45:00", "id": "CVE-2006-5855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855", "published": "2006-12-06T19:28:00", "title": "CVE-2006-5855", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2019-10-09T19:50:58", "bulletinFamily": "info", "description": "### Overview \n\nA buffer overflow condition exists in the IBM Tivoli Storage manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code.\n\n### Description \n\nThe IBM [Tivoli Storage Manager](<http://www-306.ibm.com/software/tivoli/products/storage-mgr/>) (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register and authenticate to servers before performing backup functions.\n\nFrom TippingPoint Advisory [TSRT-06-14](<http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>): \n[](<http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>)_The initial sign-on request contains a field to specify the language. In normal cases we've seen, this string is dscenu.txt. Typically the server will validate that the language string is no longer than 0x100 bytes. However, if the first byte of the language string is 0x18, this check will not occur, and a fixed sized buffer will be overrun._ \n \nAn attacker may be able to craft a malformed sign-on request that triggers the overflow on the TSM Server. \n \nNote that IBM has released the below information on their [support site](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>), which conflicts with other public reports: \n_This problem relates to an internal buffer overflow in TSM but IBM does not believe it is possible to exploit this buffer overflow for remote code execution, however, this exposure can be used to crash the TSM server._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server. \n \n--- \n \n### Solution \n\n**Update **\n\nAn [update](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>) provided by IBM may address this issue. \n \n--- \n \n \n**Restrict access** \nRestricting access to port `1500/tcp` at the network perimeter may mitigate the effects of this vulnerability. Note that an administrator can change the port that the TSM servers use with the [`port_address`](<http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmc.doc/ans10000251.htm#opt6088>)` `parameter. \n \n--- \n \n### Vendor Information\n\n887249\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ IBM Corporation\n\nNotified: December 05, 2006 Updated: February 05, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www-1.ibm.com/support/docview.wss?uid=swg21250261>\n * <http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>\n * <http://secunia.com/advisories/23177/>\n * <http://www.securityfocus.com/bid/21440>\n\n### Acknowledgements\n\nThis report was based on information from Tipping Point Advisory TSRT-06-14.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-5855](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855>) \n---|--- \n**Severity Metric:****** | 0.36 \n**Date Public:** | 2006-12-04 \n**Date First Published:** | 2007-02-05 \n**Date Last Updated: ** | 2007-02-09 15:49 UTC \n**Document Revision: ** | 30 \n", "modified": "2007-02-09T15:49:00", "published": "2007-02-05T00:00:00", "id": "VU:887249", "href": "https://www.kb.cert.org/vuls/id/887249", "type": "cert", "title": "IBM Tivoli Storage Manager Server vulnerable to buffer overflow", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-09T19:50:58", "bulletinFamily": "info", "description": "### Overview \n\nA buffer overflow condition exists in the IBM Tivoli Storage manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code.\n\n### Description \n\nThe IBM [Tivoli Storage Manager](<http://www-306.ibm.com/software/tivoli/products/storage-mgr/>) (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register with servers before performing backup functions. TSM servers can be configured to allow closed or open registration. Per the Tivoli User Guide, in [open registration](<http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmhpn.doc/update/anrhrf53389.htm#setregs>), when a user accesses a server from an unregistered client, the server prompts the user for a node name, password, and contact information before registering the workstation.\n\nA buffer overflow vulnerability exists in the way the TSM server performs this open registration message proccessing. [](<http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>)An attacker may be able to send a specially crafted registration message to a vulnerable TSM server that triggers the overflow. \n \nNote that IBM has released the below information on their [support site](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>), which conflicts with the original public report: \n_This problem relates to an internal buffer overflow in TSM but IBM does not believe it is possible to exploit this buffer overflow for remote code execution, however, this exposure can be used to crash the TSM server._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server. \n \n--- \n \n### Solution \n\n**Update **\n\nThe [update](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>) provided by IBM may address this issue. \n \n--- \n \n**Restrict access**\n\nRestricting access to port `1500/tcp` at the network perimeter may mitigate the effects of this vulnerability. Note that an administrator can change the port that the TSM servers use with the [`port_address`](<http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmc.doc/ans10000251.htm#opt6088>)` `parameter. \n \n--- \n \n### Vendor Information\n\n478753\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ IBM Corporation\n\nUpdated: December 08, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://secunia.com/advisories/23177/>\n * <http://www-1.ibm.com/support/docview.wss?uid=swg21250261>\n * <http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>\n * <http://www-306.ibm.com/software/tivoli/products/storage-mgr/>\n * <http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmhpn.doc/update/anrhrf53389.htm#setregs>\n * <http://www.securityfocus.com/bid/21440>\n\n### Acknowledgements\n\nThis report was based on information from Tipping Point Advisory TSRT-06-14.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-5855](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855>) \n---|--- \n**Severity Metric:****** | 0.50 \n**Date Public:** | 2006-12-04 \n**Date First Published:** | 2007-02-05 \n**Date Last Updated: ** | 2007-02-09 15:49 UTC \n**Document Revision: ** | 41 \n", "modified": "2007-02-09T15:49:00", "published": "2007-02-05T00:00:00", "id": "VU:478753", "href": "https://www.kb.cert.org/vuls/id/478753", "type": "cert", "title": "IBM Tivoli Storage Manager vulnerable to a buffer overflow", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-09T19:50:59", "bulletinFamily": "info", "description": "### Overview \n\nA buffer overflow condition exists in certain login fields on the IBM Tivoli Storage manager server. If successfully exploited, this vulnerability would allow an attacker to \ncause a denial-of-service condition or possibly execute arbitrary code\n\n### Description \n\nThe IBM [Tivoli Storage Manager](<http://www-306.ibm.com/software/tivoli/products/storage-mgr/>) (TSM) is a remote backup software package that runs on clients and servers. TSM clients must register and authenticate to servers before performing backup functions. The `SmExecuteWdsfSession`() function is used during the initial part of the authentication process.\n\nFrom a [public vulnerability report](<http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>), a buffer overflow vulnerability exists in this function. The overflow can be triggered during the processing of two separate fields sent in the request, both of which are copied into fixed sized buffers, without any validation of their lengths. \n \nAn attacker may be able to send specially crafted malformed input to the `SmExecuteWdsfSession()` funtion that triggers a buffer overflow on the TSM Server. \n \nNote that IBM has released the below information on their [support site](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>), which conflicts with the original public report: \n_This problem relates to an internal buffer overflow in TSM but IBM does not believe it is possible to exploit this buffer overflow for remote code execution, however, this exposure can be used to crash the TSM server._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to cause the TSM server to crash, thereby creating a denial-of-service condition. It may also be possible for the attacker to execute arbitrary code in the context of the TSM server. \n \n--- \n \n### Solution \n\n**Update **\n\nThe [update](<http://www-1.ibm.com/support/docview.wss?uid=swg21250261>) provided by IBM may address this issue. \n \n--- \n \n \n**Restrict access** \nRestricting access to port `1500/tcp` at the network perimeter may mitigate the effects of this vulnerability. Note that an administrator can change the port that the TSM servers use with the [`port_address`](<http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmc.doc/ans10000251.htm#opt6088>)` `parameter. \n \n--- \n \n### Vendor Information\n\n350625\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ IBM Corporation\n\nUpdated: December 08, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://secunia.com/advisories/23177/>\n * <http://www-1.ibm.com/support/docview.wss?uid=swg21250261>\n * <http://www-306.ibm.com/software/tivoli/products/storage-mgr/>\n * <http://www.tippingpoint.com/security/advisories/TSRT-06-14.html>\n * <http://www.securityfocus.com/bid/21440>\n\n### Acknowledgements\n\nThis report was based on information from Tipping Point Advisory TSRT-06-14.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-5855](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855>) \n---|--- \n**Severity Metric:****** | 0.14 \n**Date Public:** | 2006-12-04 \n**Date First Published:** | 2007-02-05 \n**Date Last Updated: ** | 2007-02-09 15:49 UTC \n**Document Revision: ** | 29 \n", "modified": "2007-02-09T15:49:00", "published": "2007-02-05T00:00:00", "id": "VU:350625", "href": "https://www.kb.cert.org/vuls/id/350625", "type": "cert", "title": "IBM Tivoli Storage Manager SmExecuteWdsfSession( ) function vulnerable to buffer overflow", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg21250261\nSecurity Tracker: 1017333\n[Secunia Advisory ID:23177](https://secuniaresearch.flexerasoftware.com/advisories/23177/)\n[Related OSVDB ID: 31763](https://vulners.com/osvdb/OSVDB:31763)\n[Related OSVDB ID: 31765](https://vulners.com/osvdb/OSVDB:31765)\n[Related OSVDB ID: 31764](https://vulners.com/osvdb/OSVDB:31764)\nOther Advisory URL: http://www.tippingpoint.com/security/advisories/TSRT-06-14.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0067.html\nFrSIRT Advisory: ADV-2006-4856\n[CVE-2006-5855](https://vulners.com/cve/CVE-2006-5855)\nBugtraq ID: 21440\n", "modified": "2006-12-04T08:18:55", "published": "2006-12-04T08:18:55", "href": "https://vulners.com/osvdb/OSVDB:31766", "id": "OSVDB:31766", "title": "IBM Tivoli Storage Manager Open Registeration Message contact Field Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg21250261\nSecurity Tracker: 1017333\n[Secunia Advisory ID:23177](https://secuniaresearch.flexerasoftware.com/advisories/23177/)\n[Related OSVDB ID: 31763](https://vulners.com/osvdb/OSVDB:31763)\n[Related OSVDB ID: 31766](https://vulners.com/osvdb/OSVDB:31766)\n[Related OSVDB ID: 31765](https://vulners.com/osvdb/OSVDB:31765)\nOther Advisory URL: http://www.tippingpoint.com/security/advisories/TSRT-06-14.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0067.html\nFrSIRT Advisory: ADV-2006-4856\n[CVE-2006-5855](https://vulners.com/cve/CVE-2006-5855)\nBugtraq ID: 21440\n", "modified": "2006-12-04T08:18:55", "published": "2006-12-04T08:18:55", "href": "https://vulners.com/osvdb/OSVDB:31764", "id": "OSVDB:31764", "title": "IBM Tivoli Storage Manager Login language Field Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg21250261\nSecurity Tracker: 1017333\n[Secunia Advisory ID:23177](https://secuniaresearch.flexerasoftware.com/advisories/23177/)\n[Related OSVDB ID: 31763](https://vulners.com/osvdb/OSVDB:31763)\n[Related OSVDB ID: 31766](https://vulners.com/osvdb/OSVDB:31766)\n[Related OSVDB ID: 31764](https://vulners.com/osvdb/OSVDB:31764)\nOther Advisory URL: http://www.tippingpoint.com/security/advisories/TSRT-06-14.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0067.html\nFrSIRT Advisory: ADV-2006-4856\n[CVE-2006-5855](https://vulners.com/cve/CVE-2006-5855)\nBugtraq ID: 21440\n", "modified": "2006-12-04T08:18:55", "published": "2006-12-04T08:18:55", "href": "https://vulners.com/osvdb/OSVDB:31765", "id": "OSVDB:31765", "title": "IBM Tivoli Storage Manager SmExecuteWdsfSession Function Multiple Overflows", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "exploit", "description": "**Name**| d2sec_tsm \n---|--- \n**CVE**| CVE-2006-5855 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| IBM Tivoli Storage Manager Server Buffer Overflow \n**Notes**| \n", "modified": "2006-12-06T19:28:00", "published": "2006-12-06T19:28:00", "id": "D2SEC_TSM", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_tsm", "title": "DSquare Exploit Pack: D2SEC_TSM", "type": "d2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "description": "TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow\r\n Vulnerabilities\r\nhttp://www.tippingpoint.com/security/advisories/TSRT-06-14.html\r\nDecember 4, 2006\r\n\r\n-- CVE ID:\r\nCVE-2006-5855\r\n\r\n-- Affected Vendor:\r\nIBM\r\n\r\n-- Affected Products:\r\nTivoli Storage Manager <5.2.9\r\nTivoli Storage Manager <5.3.4\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability since April 3, 2006 by Digital Vaccine protection\r\nfilter ID 4248. For further product information on the TippingPoint IPS:\r\n\r\n http://www.tippingpoint.com \r\n\r\n-- Vulnerability Details:\r\nThese vulnerabilities allow attackers to execute arbitrary code on\r\nvulnerable installations of IBM Tivoli Storage Manager. Authentication\r\nis not required to exploit these vulnerabilities.\r\n\r\nThe specific flaws are similar and exist in the processing of messages\r\nby the Tivoli Storage Manager service, bound on TCP port 1500. The\r\nmessages are structured in the form [index][size]. The 'index' field\r\nspecifies an integer offset into the body of the message for a specific\r\nfield, and the 'size' field specifies the size of the indexed field.\r\n\r\nAs no validation is done on the index fields, an attacker can force the\r\nservice to look beyond the end of the packet, often landing in\r\nunallocated memory and resulting in a denial of service.\r\n\r\nThe size fields are often checked to ensure they do not exceed the\r\nbounds of the destination buffers that data is being copied to.\r\nHowever, we have found the following four instances where the size\r\nfiles are left unchecked:\r\n\r\nOverflow 1\r\nThe initial sign-on request contains a field to specify the language.\r\nIn normal cases we've seen, this string is dscenu.txt. Typically the\r\nserver will validate that the language string is no longer than 0x100\r\nbytes. However, if the first byte of the language string is 0x18, this\r\ncheck will not occur, and a fixed sized buffer will be overrun.\r\n\r\nOverflows 2 and 3\r\nThere is an overflow vulnerability in messages processed by the\r\nSmExecuteWdsfSession function. There are two fields in this request,\r\nboth are copied into fixed sized buffers, without any validation of\r\ntheir lengths.\r\n\r\nOverflow 4\r\nThere is an overflow in the open registration message due to an\r\nunchecked copy into a fixed size buffer for the contact field of the\r\nregistration.\r\n\r\nAll four of the above detailed overflows can lead to arbitrary code\r\nexecution under the context of the Tivoli service.\r\n\r\n-- Vendor Response:\r\nIBM has issued an update to correct this vulnerability. More details can\r\nbe found at:\r\n\r\nhttp://www-1.ibm.com/support/docview.wss?uid=swg21250261\r\n\r\n-- Disclosure Timeline:\r\n2006.04.03 - Digital Vaccine released to TippingPoint customers\r\n2006.05.09 - Vulnerability reported to vendor\r\n2006.12.04 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by the TippingPoint Security Research\r\nTeam.\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\r\n(ZDI) represents a best-of-breed model for rewarding security\r\nresearchers for responsibly disclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is used.\r\n3Com does not re-sell the vulnerability details or any exploit code.\r\nInstead, upon notifying the affected product vendor, 3Com provides its\r\ncustomers with zero day protection through its intrusion prevention\r\ntechnology. Explicit details regarding the specifics of the\r\nvulnerability are not exposed to any parties until an official vendor\r\npatch is publicly available. Furthermore, with the altruistic aim of\r\nhelping to secure a broader user base, 3Com provides this vulnerability\r\ninformation confidentially to security vendors (including competitors)\r\nwho have a vulnerability protection or mitigation product.", "modified": "2006-12-05T00:00:00", "published": "2006-12-05T00:00:00", "id": "SECURITYVULNS:DOC:15311", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15311", "title": "TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
