In association with heise online

05 December 2006, 13:44

Four buffer overflows in IBM's Tivoli Storage Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Tipping Point is reporting on four buffer overflows in the data backup solution for IBM's Tivoli Storage Manager. Attackers can exploit them to gain control of a system without prior authentication. All four bugs are related to the processing of network communication for the Storage Manager Service via TCP Port 1500 and can be provoked through specially prepared requests. Each of the buffer overflows is susceptible to attackers planting and executing code through them. The bug affects Tivoli Storage Manager prior to version 5.2.9 as well as prior to version 5.3.4.

IBM has confirmed the bug, but speaks only of potential system crashes in its bug advisory. An update eliminates the buffer overflows.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit