IBM.Tivoli.Storage.Manager.Express.dsmsvc.Buffer.Overflow

description-logoDescription

This indicates an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager Express.
The vulnerability is in the TSM Express Backup Server service (dsmsvc.exe). An attacker can overflow a heap buffer via a user supplied length value. This makes it possible to execute arbitrary code on vulnerable installations. Authentication is not required to exploit this vulnerability.

affected-products-logoAffected Products

IBM Tivoli Storage Manager Express 5.3.

Impact logoImpact

System Compromise: remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to IBM Tivoli Storage Manager Express 5.3.7.3.
ftp://service.boulder.ibm.com/storage/tivoli-storage-management/patches/express/NT/5.3.7.3/TSMEXP5373.exe

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)