Tivoli Storage Manager heap corruption

2009-03-12T00:00:00
ID SAINT:393926B992D2B260DC4D80AFD1486AA5
Type saint
Reporter SAINT Corporation
Modified 2009-03-12T00:00:00

Description

Added: 03/12/2009
CVE: CVE-2008-4563
BID: 34077

Background

IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations.

Problem

A heap overflow allows remote attackers to execute arbitrary commands.

Resolution

Apply the workaround or solution described in the IBM advisory.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775>

Limitations

Exploit works on Tivoli Storage Manager Express Server 5.3.7.3 on Windows Server 2003.

Platforms

Windows