Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: General :: web5258.htm

Tivoli Storage Manager webserver buffer overflow (client & server)
15th Apr 2002 [SBWID-5258]

	Tivoli Storage Manager webserver buffer overflow (client & server)


	Tivoli Storage Manager version 4.2.x.x.


	Patrik     Karlsson     &     Jonas     Lšndin     of     iXsecurity
	[] reported :

	 Client side



	A request for the  URL  A.AAAAA....approximately_1292_more_A\'s  to  the
	webserver running on port 1581 (TSM Client Acceptor) will  result  in  a
	crash, overwriting EIP. The buffer overwriting EIP is  in  a  widestring
	format, making it a little more difficult, although not  impossible,  to


	 Server side



	The  webserver  bound  to  1580  (dsmsvc.exe)  has  a  buffer   overflow
	condition. If an attacker would login, using  the  login  form,  with  a
	username of approx. 1976 characters long, he would overwrite  EIP.  This
	would lead to the service crashing, and  the  possibility  of  arbitrary
	code execution.


	Apply Patches V4.2.1.32 from :



	and patch V4.2.1.15 from :


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH