Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:IBM:TIVOLI-MAN-HEAP

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 IBM Tivoli Storage Manager Express Backup Heap Corruption

Release Date

 2011/07/19

Update Number

 1957

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: IBM Tivoli Storage Manager Express Backup Heap Corruption


This signature detects attempts to exploit a known vulnerability in IBM Tivoli Storage Manager. This vulnerability is due to a lack of validation of a user supplied value in a message. This value is later used as a counter to populate a fixed length heap buffer. A remote unauthenticated attacker may leverage this vulnerability to create a denial of service condition of the affected service, or inject and execute arbitrary code on the target host. In an attack case where code injection is not successful, the target IBM Tivoli Express Backup Server service will terminate. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with SYSTEM level privileges.

Extended Description

IBM Tivoli Storage Manager (TSM) Express and Enterprise servers are prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue would allow a remote attacker to corrupt memory and execute arbitrary code in the context of the vulnerable application.

Affected Products

  • Ibm tivoli_storage_manager 4.2.0
  • Ibm tivoli_storage_manager 4.2.1
  • Ibm tivoli_storage_manager 4.2.1 .15
  • Ibm tivoli_storage_manager 4.2.1 .32
  • Ibm tivoli_storage_manager 5.1.8.1
  • Ibm tivoli_storage_manager 5.1.8.2
  • Ibm tivoli_storage_manager 5.2.4
  • Ibm tivoli_storage_manager 5.2.5.2
  • Ibm tivoli_storage_manager 5.2.5.3
  • Ibm tivoli_storage_manager 5.2.9
  • Ibm tivoli_storage_manager 5.3
  • Ibm tivoli_storage_manager 5.3.2.4
  • Ibm tivoli_storage_manager 5.3.4
  • Ibm tivoli_storage_manager 5.3.5.1
  • Ibm tivoli_storage_manager 5.3.6.1
  • Ibm tivoli_storage_manager 5.3.6.2
  • Ibm tivoli_storage_manager 5.3.6.9 Express
  • Ibm tivoli_storage_manager 5.4
  • Ibm tivoli_storage_manager 5.4.2.2
  • Ibm tivoli_storage_manager 5.4.2.3
  • Ibm tivoli_storage_manager 5.4.2.4
  • Ibm tivoli_storage_manager 5.4.4.0
  • Ibm tivoli_storage_manager_express 5.3
  • Ibm tivoli_storage_manager_express 5.3.7.3

References

  • BugTraq: 34077
  • CVE: CVE-2008-4563

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out