SAINT Corporation
SAINT:5D32DA55B493D11F32E4E4656735ED9F
Dec 27, 2012 - 12:00 a.m.

IBM Cognos TM1 and Express Admin Server Buffer Overflow

my.saintcorporation.com
CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.968 High
Percentile: 99.7%

Added: 12/27/2012
CVE: CVE-2012-0202
BID: 52847
OSVDB: 80876

Background

IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis.

IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companies need.

Problem

The TM1 Admin Server (tm1admsd.exe) that ships with IBM Cognos TM1 versions 9.5.x prior to 9.5.2 FP2 and 9.4.1 and IBM Cognos Express versions 9.5 and 9.0 is vulnerable to a buffer overflow because it does not check the size of the data being sent to it. This could permit a remote malicious attacker to run arbitrary code in the context of the Admin Server process.

Resolution

Apply the relevant patches referenced in the IBM Security Bulletins: IBM Cognos TM1 Admin Server vulnerabilities and IBM Cognos Express Admin Server vulnerabilities.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-101/>

Limitations

This exploit was tested against IBM Cognos Express 9.5 on Windows XP SP3 English (DEP OptIn).

The exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows
