Release Date | Jan 17, 2008 |
Severity | critical |
Impact | System Compromise: remote attackers can gain control of vulnerable systems. |
Description | This indicates an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager Express. The vulnerability is in the TSM Express Backup Server service (dsmsvc.exe). An attacker can overflow a heap buffer via a user-supplied length value. This makes it possible to execute arbitrary code on vulnerable installations. Authentication is not required to exploit this vulnerability. |
Affected Products | IBM Tivoli Storage Manager Express 5.3. |
Recommended Actions | Upgrade to IBM Tivoli Storage Manager Express 5.3.7.3. ftp://service.boulder.ibm.com/storage/tivoli-storage-management/patches/express/NT/5.3.7.3/TSMEXP5373.exe |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2008-0247 |
References | http://www.zerodayinitiative.com/advisories/ZDI-08-001.html ; http://www.securityfocus.com/bid/27235 (BugTraq) ; http://www.frsirt.com/english/advisories/2008/0106 (FrSIRT) |