Detections
Analytics

IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775)

critical Nessus Plugin ID 26187

Language:

Synopsis

The remote backup client is susceptible to multiple attacks.

Description

The remote host is running an IBM Tivoli Storage Manager (TSM) client.

The version of the TSM client installed on the remote host reportedly contains a buffer overflow vulnerability in its Client Acceptor Daemon (CAD) service. Using an HTTP request with a long Host header, a remote attacker may be able to exploit this issue to crash the affected host or to execute arbitrary commands with administrative privileges.

In addition, the use of server-initiated prompted scheduling also may allow unauthorized access to the client's data under certain conditions.

Solution

Upgrade to Tivoli Storage Manager version 5.4.1.2 / 5.3.5.3 / 5.2.5.2 / 5.1.8.1 backup-archive client or the Tivoli Storage Manager Express 5.3.5.3 client.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-054/

https://www.securityfocus.com/archive/1/480492/30/0/threaded

https://www-01.ibm.com/support/docview.wss?uid=swg1IC52905

Plugin Details

Severity: Critical

ID: 26187

File Name: ibm_tsm_client_swg21268775.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 9/25/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_client

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/21/2007

Vulnerability Publication Date: 9/21/2007

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (IBM Tivoli Storage Manager Express CAD Service Buffer Overflow)

Reference Information

CVE: CVE-2007-4880, CVE-2007-5022

BID: 25743

CWE: 119, 200