Windows web GUI vulnerability
2002-04-26 09:32:37
Subject: Windows web GUI vulnerability
From: Lisa Cabanas <CABANL AT MODOT DOT NET>
Date: Fri, 26 Apr 2002 08:32:52 -0500

Just passing this on... it may have been on the list already, but I had to
delete a bunch of messages to "catch up" on my mail ;-)

iXsecurity Security Vulnerability Report
No: iXsecurity.20020327.tivoli_tsm_dsmcad.a
===========================================

Vulnerability Summary
---------------------
Problem: The Tivoli Storage Manager webserver, running on port 1581, has a buffer overflow condition.
Threat: An attacker could make the webserver crash and possibly execute arbitrary code.
Affected Software: Tivoli Storage Manager version 4.2.x.x.
Platform: Windows NT4/2000.

Vulnerability Description
-------------------------
A request for the URL A.AAAAA....approximately_1292_more_A's to the webserver running on port 1581 (TSM Client Acceptor) will result in a crash, overwriting EIP. The buffer overwriting EIP is in a widestring format, making it a little more difficult, although not impossible, to exploit.

Solution
--------
See APAR IC33211
Apply Patch V4.2.1.32 currently available at
http://www.tivoli.com/support/storage_mgr/clients.html
For additional information or assistance please contact your IBM Service Representative at 1-800-IBM-SERV

Additional Information
----------------------
Tivoli was contacted 20020327.
This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson AT ixsecurity DOT com
jonas.landin AT ixsecurity DOT com
This document is also available at:
http://www.cqure.net/advisories/
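
An added triage example, not part of the forwarded advisory or of this post: it checks an inventory of client versions against the fix level the advisory names and flags oversized request paths sent to port 1581. The log line format, the 1024-character threshold, the host names and addresses, and the treatment of 4.2 builds at or above 4.2.1.32 as patched are assumptions.

```python
import re

PATCHED = (4, 2, 1, 32)   # fix level named in the advisory (V4.2.1.32)
TSM_WEB_PORT = 1581       # TSM Client Acceptor port named in the advisory
MAX_PATH_LEN = 1024       # assumption: alert threshold, below the ~1292+ characters reported

def classify_version(version):
    """Return 'affected', 'patched', 'not-listed' or 'unparseable' for a dotted version."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unparseable"
    if len(parts) != 4:
        return "unparseable"
    if parts[:2] != (4, 2):
        return "not-listed"   # the advisory only names 4.2.x.x
    # Assumption: 4.2 builds at or above the patch level carry the fix.
    return "patched" if parts >= PATCHED else "affected"

# Constructed log format (assumption): "<src_ip> <dst_ip>:<dst_port> <METHOD> <path>"
LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) (\S+) (\S*)$")

def oversized_requests(lines, port=TSM_WEB_PORT, limit=MAX_PATH_LEN):
    """Return (src, dst, path_length) for requests to `port` whose path exceeds `limit`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # skip lines that do not fit the constructed format
        src, dst, dport, _method, path = m.groups()
        if int(dport) == port and len(path) > limit:
            hits.append((src, dst, len(path)))
    return hits

# Constructed sample data (hypothetical hosts, documentation-range addresses)
SAMPLE_INVENTORY = {"backup01": "4.2.1.0", "backup02": "4.2.1.32", "backup03": "5.1.0.0"}
SAMPLE_LOG = [
    "192.0.2.10 198.51.100.5:1581 GET /index.html",
    "192.0.2.77 198.51.100.5:1581 GET /A." + "A" * 1300,
    "192.0.2.77 198.51.100.5:80 GET /" + "A" * 1300,
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, ver, classify_version(ver))
    for src, dst, n in oversized_requests(SAMPLE_LOG):
        print(f"oversized request: {src} -> {dst}:{TSM_WEB_PORT} path length {n}")
```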