Category:   Application (Generic)  >   Storage Manager (please use IBM Tivoli Storage Manager) Vendors:   IBM
IBM Tivoli Storage Manager Bugs Let Remote Users Execute Arbitrary Code and Access Client Data
SecurityTracker Alert ID:  1018725
SecurityTracker URL:
CVE Reference:   CVE-2007-4880
Updated:  Sep 26 2007
Original Entry Date:  Sep 21 2007
Impact:   Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1, 5.2, 5.3, 5.4
Description:   Two vulnerabilities were reported in the IBM Tivoli Storage Manager. A remote user can execute arbitrary code on the target system. A remote user can access client data.

A remote user can send specially crafted data to trigger a buffer overflow in the Client Acceptor Daemon and execute arbitrary code on the target system. The code will run with the privileges of the target service.

A remote user can exploit a server-initiated prompted scheduling function to gain access to the target client's data.

The Web Client GUI, CAD-managed scheduling, and server-initiated prompted scheduling functions are affected.

The following versions are affected:

* Version 5, Release 4, Levels 0.0 - 1.1
* Version 5, Release 3, Levels 0.0 - 5.2
* Version 5, Release 2, Levels 0.0 - 5.1
* Version 5, Release 1, Levels 0.0 - 8.0

The vendor was notified of the CAD service buffer overflow on May 22, 2007.

Sebastian Apelt reported the buffer overflow vulnerability via TippingPoint and an IBM customer reported the client data access vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can gain access to client data.

Solution:   The vendor has issued a fix (APARs IC52905 and IC53616).

The following fixed versions are available (UK27738 and UK27739; UK29248 and UK29249).

Express clients:

The IBM advisory is available at:

Vendor URL:
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS

Message History:   None.
