ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Security alert

2007-09-25 14:10:19
Subject: Re: [ADSM-L] Security alert
From: Daniel Lane <dlane AT THEABFM DOT ORG>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 25 Sep 2007 13:47:56 -0400 
Fred,

Are you talking about this one?

Widely Deployed Software
(2) HIGH: IBM Tivoli Storage Manager Multiple Vulnerabilities

Affected:
IBM Tivoli Storage Manager and Storage Manager Express Clients versions 5.1 
through 5.4

Description: IBM Tivoli Storage Manager is IBM's enterprise storage
management solution. The client component of this application contains
multiple vulnerabilities. A flaw in the Client Acceptor Daemon (CAD) can
lead to a buffer overflow. Successfully exploiting this buffer overflow
could lead to an attacker executing arbitrary code with the privileges
of the vulnerable process. Additionally, an undisclosed flaw in the
scheduling component can lead to data disclosure and possibly other
vulnerabilities. Some technical details for the buffer overflow
vulnerabilities are publicly available.

Status: IBM confirmed, updates available.

References:
IBM Security Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21268775
Zero Dat Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-054.html
SecurityFocus BID
http://www.securityfocus.com/bid/25743


Thank You,
Dan Lane
dlane AT theabfm DOT org - Email
"This email message and any attachments are confidential and may be privileged. 
If you are not the intended recipient, please notify the American Board of 
Family Medicine immediately -- by replying to this message or by sending an 
email to dlane AT theabfm DOT org. If you are not the intended recipient, you 
must immediately destroy all copies of this message and any attachments without 
reading or disclosing their contents. Thank you.
For more information regarding the American Board of Family Medicine, please 
visit us at https://www.theabfm.org/.";


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Fred Johanson
Sent: Tuesday, September 25, 2007 1:40 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Security alert

Anybody seen any more details on the TSM security alert issued
yesterday?



Fred Johanson
TSM Administrator
University of Chicago

773-702-8464
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ADSM-L] TSM security flash, Andrew Raibeck
Next by Date:  Re: [ADSM-L] TSM security flash, Fred Johanson
Previous by Thread:  Re: [ADSM-L] Security alert, Zoltan Forray/AC/VCU
Next by Thread:  [ADSM-L] TSM security flash, Andrew Raibeck
Indexes:  [Date] [Thread] [Top] [All Lists]