Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » IBM Tivoli Storage Manager Long Username Buffer Overflow Vulnerability

IBM Tivoli Storage Manager Long Username Buffer Overflow Vulnerability

by Nikola Strahija on April 14th, 2002 A buffer overflow condition has been discovered in IBM Tivoli Storage Manager. If an unusually long username is supplied to the HTTP port of the server, a buffer overflow could occur. As a result, it is possible to overwrite stack variables, including the return address, and cause the execution of arbitrary code.


Remote: Yes

Exploit: No

Solution: IBM Tivoli Storage Manager 4.2:

IBM Patch TSMSRV42115_WIN
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/NT/4.2.1.15/TSMSRV42115_WIN.exe
Windows NT & Windows 2000

IBM Patch TSMSRVAIX04_02_01_15
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/AIX/4.2.1.15/TSMSRVAIX04_02_01_15.tar.gz
AIX

IBM Patch TSMSRV42115_HP
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/HP-UX/4.2.1.15/TSMSRV42115_HP.tar
HP

IBM Tivoli Storage Manager 4.2.1:

IBM Patch TSMSRV42115_WIN
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/NT/4.2.1.15/TSMSRV42115_WIN.exe
Windows NT & Windows 2000

IBM Patch TSMSRVAIX04_02_01_15
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/AIX/4.2.1.15/TSMSRVAIX04_02_01_15.tar.gz
AIX

IBM Patch TSMSRV42115_HP
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/server/HP-UX/4.2.1.15/TSMSRV42115_HP.tar
HP


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »