"This problem relates to an internal buffer overflow in TSM, but IBM does not believe it is possible to exploit this buffer overflow for remote code execution," the advisory said. "However, this exposure can be used to crash the TSM server."
Intrusion prevention system provider TippingPoint reported Monday that TSM, which provides automatic data backup and centralised storage management, suffers from vulnerabilities that do not require authentication and can lead to the execution of arbitrary code. The bugs are related to the way in which the solution process messages on the transmission protocol control (TCP) port 1500.
"As no validation is done on the index fields, an attacker can force the service to look beyond the end of the packet, often landing in the unallocated memory and resulting in a denial of service," the TippingPoint advisory said.
Secunia, which rated the flaws "moderately critical" in an advisory today, recommends users apply a patch that IBM has made available.
Click here to email Dan Kaplan.
IBM: Trivoli Storage Manager flaws can't be exploited
By Dan Kaplan on Dec 5, 2006 9:55PM
Multiple buffer overflow vulnerabilities in IBM Tivoli Storage Manager (TSM), disclosed Monday by a security firm, cannot be exploited to compromise a user's system, Big Blue said today in an advisory.
Got a news tip for our journalists? Share it with us anonymously here.