Credit:
The information has been provided by Dyon Balding.
The original article can be found at: http://secunia.com/secunia_research/2008-51/
Vulnerable Systems:
* IBM Tivoli Storage Manager versions 6.1.0.0 through 6.1.0.1
* IBM Tivoli Storage Manager versions 5.5.0.0 through 5.5.2.1
* IBM Tivoli Storage Manager versions 5.4.0.0 through 5.4.2.7
* IBM Tivoli Storage Manager versions 5.3.0.0 through 5.3.6.6
* IBM Tivoli Storage Manager Express versions 5.3.3.0 through 5.3.6.6
Immune Systems:
* IBM Tivoli Storage Manager version 6.1.0.2
* IBM Tivoli Storage Manager version 5.5.2.2
* IBM Tivoli Storage Manager version 5.4.3
* IBM Tivoli Storage Manager version 5.3.6.7
* IBM Tivoli Storage Manager Express version 5.3.6.7
A buffer overrun vulnerability exists in the client acceptor daemon (CAD) scheduler, which has the potential to crash the TSM client agent process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.
The CAD scheduler is not the default scheduler, except on the Macintosh client and the TSM Express client. On non-Macintosh and non-Express clients, the CAD scheduler will only be used if the MANAGEDSERVICES option is set to SCHEDULE.
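The exposure conditions above (affected version and CAD scheduler in use) can be checked per client. The following is an added example, not code from IBM or the original advisory. The function names and the sample options text are constructed for illustration, and the parsing assumes a client options file in which a leading `*` marks a comment line and option names are case-insensitive.

```python
# Affected ranges copied from the "Vulnerable Systems" list (inclusive).
VULNERABLE_RANGES = [
    ((6, 1, 0, 0), (6, 1, 0, 1)),
    ((5, 5, 0, 0), (5, 5, 2, 1)),
    ((5, 4, 0, 0), (5, 4, 2, 7)),
    ((5, 3, 0, 0), (5, 3, 6, 6)),  # Express 5.3.3.0-5.3.6.6 falls inside this range
]

def parse_version(text):
    """Turn '5.4.3' into (5, 4, 3, 0): pad to four numeric fields."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 dotted fields: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))

def is_vulnerable_version(text):
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES)

def managedservices_schedule(options_text):
    """True if an active MANAGEDSERVICES line lists SCHEDULE."""
    for line in options_text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):  # assumption: '*' starts a comment
            continue
        fields = line.split()
        if fields[0].upper() == "MANAGEDSERVICES":
            if "SCHEDULE" in (f.upper() for f in fields[1:]):
                return True
    return False

def exposed(version, options_text, cad_default=False):
    """cad_default=True for Macintosh and TSM Express clients,
    where the CAD scheduler is the default scheduler."""
    return is_vulnerable_version(version) and (
        cad_default or managedservices_schedule(options_text))

# Constructed sample options file content, not taken from a real system.
SAMPLE_OPT = """* constructed sample client options file
COMMMethod TCPip
TCPServeraddress tsm.example.internal
ManagedServices schedule webclient
"""

if __name__ == "__main__":
    for ver in ("5.5.1.0", "5.4.3", "6.1.0.2"):
        print(ver, "exposed:", exposed(ver, SAMPLE_OPT))
```

A client that reports exposed should be upgraded to the matching release under "Immune Systems".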
CVE Information:
CVE-2008-4826
Disclosure Timeline:
07/11/2008 - Vendor notified.
15/11/2008 - Vendor response.
04/11/2009 - Public disclosure.