Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
Vulnerable Systems:
* Tivoli Storage Manager Express backup clients
* Tivoli Storage Manager version 5.1 backup clients
* Tivoli Storage Manager version 5.2 backup clients
* Tivoli Storage Manager version 5.3 backup clients
* Tivoli Storage Manager version 5.4 backup clients
The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.
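An added example, not code from IBM or from the ZDI advisory: the defensive pattern for the flaw class described above, where a request header value is formatted into a fixed wide-character buffer. It uses the C99 vswprintf(), which takes the destination size; the names store_host_header and format_bounded and the HOST_MAX limit are assumptions, since the advisory does not show the dsmcad.exe code.

```c
#include <stdarg.h>
#include <stddef.h>
#include <wchar.h>

#define HOST_MAX 256  /* assumed limit: 255 characters plus terminator */

/* Bounded wrapper: C99 vswprintf() takes the destination size in wide
 * characters and returns a negative value when the output does not fit. */
static int format_bounded(wchar_t *dst, size_t dst_len, const wchar_t *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dst_len == 0)
        return -1;
    va_start(ap, fmt);
    n = vswprintf(dst, dst_len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = L'\0';   /* never leave a partial or unterminated value */
        return -1;
    }
    return n;
}

/* Hypothetical handler step: store the Host header value in a fixed buffer.
 * Returns 0 on success, -1 when the request should be rejected. */
int store_host_header(wchar_t out[HOST_MAX], const wchar_t *host)
{
    size_t len = 0;

    out[0] = L'\0';
    if (host == NULL)
        return -1;
    /* Length check before formatting; the scan itself is capped at HOST_MAX. */
    while (len < HOST_MAX && host[len] != L'\0')
        len++;
    if (len == 0 || len >= HOST_MAX)
        return -1;
    return format_bounded(out, HOST_MAX, L"%ls", host) < 0 ? -1 : 0;
}
```

The length check and the sized formatting call are independent: either one alone keeps an oversized Host value from writing past the buffer, and the caller gets an explicit failure to turn into a rejected request.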
Vendor Response:
IBM has issued an update to correct this vulnerability. More details can be found at:
http://www-1.ibm.com/support/docview.wss?uid=swg21268775
Disclosure Timeline:
2007.05.22 - Vulnerability reported to vendor
2007.09.24 - Digital Vaccine released to TippingPoint customers
2007.09.24 - Coordinated public release of advisory
CVE Information:
CVE-2007-4880