Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow

2009-05-11T00:00:00
ID SAINT:14BF007FCD0469A57C296D46D703B817
Type saint
Reporter SAINT Corporation
Modified 2009-05-11T00:00:00

Description

Added: 05/11/2009
CVE: CVE-2008-4828
BID: 34803
OSVDB: 54232

Background

IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon (CAD) on ports 1581/TCP and 1582/TCP. The Client Acceptor Daemon, upon receiving a request over the network, starts the Remote Client Agent service (**dsmagent.exe**) which listens on port 1584/TCP.

Problem

A buffer overflow vulnerability in the Remote Client Agent service allows remote attackers to execute arbitrary commands by sending a dicuGetIdentify Request with a long, specially crafted NodeName parameter.

Resolution

Apply a security fix.

References

<http://secunia.com/secunia_research/2008-55/>

Limitations

Exploit works on Tivoli Storage Manager Backup Client 5.3.6.2.

Platforms

Windows 2000
Windows Server 2003