OSVDB ID: 38161

Title: IBM Tivoli Storage Manager (TSM) Client Client Acceptor Daemon (CAD, dsmcad.exe) Remote Overflow

Info

Disclosure

Sep 20, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 20, 2007

Description

A buffer overflow exists in Tivoli Storage Manager. The Client Acceptor Daemon (CAD) fails to validate HTTP headers received on TCP port 1581 resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

International Business Machines Corporation	Tivoli Storage Manager	5.1.8.0
		5.2.5.1
		5.3.5.2
		5.4.1.1

References

Security Tracker: 1018725
CVE ID: 2007-4880 (see also: NVD)
Bugtraq ID: 25743
Secunia Advisory ID: 26883
SCIP VulDB ID: 3319 3320
ISS X-Force ID: 36700
Metasploit ID: 38161
Related OSVDB ID: 38162
VUPEN Advisory: ADV-2007-3228
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/tivoli_storage_mgr_cad_host
Other Advisory URL: http://securityreason.com/securityalert/3184
http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
Vendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg21268775
http://www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
Keyword: IC52905

Credit

Sebastian Apelt - webmasterbuzzworld.org -

Direct URL: http://osvdb.org/38161

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

Tivoli Storage Manager

References

Credit