[NT] Tivoli Storage Manager Web Server Found to Contain a Buffer Overflow

From: support@securiteam.com
Date: 04/14/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Sun, 14 Apr 2002 22:10:33 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Tivoli Storage Manager Web Server Found to Contain a Buffer Overflow
------------------------------------------------------------------------

SUMMARY

The web server bound to TCP port 1580 (service name: dsmsvc.exe) has been
found to contain a buffer overflow condition. If an attacker would try to
login, using the login form, with a username of approximately 1976
characters long, the service would crash, overwriting the EIP address.
This of course would lead the execution of arbitrary code compromising the
system's security.

DETAILS

Vulnerable systems:
Tivoli Storage Manager Web Server versions prior to 4.2.1.5

Immune systems:
Tivoli Storage Manager Web Server version 4.2.1.15 and above

ADDITIONAL INFORMATION

The information has been provided by <mailto:patrik@cqure.net> Patrik
Karlsson.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NT] Poisoning Cached HTTPS Documents in Internet Explorer
    ... Get your security news from a reliable source. ... "poison" a user's browser cache with a malicious document that will later ... The attacker can exploit this vulnerability for "replacing" HTML ... to communicate with a malicious web server over HTTPS without the browser ...
    (Securiteam)
  • [NT] Webserver 4D Weak Password Preservation Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... complete Web Server environment written entirely on top of 4th Dimension, ... WS4D web server saves the passwords somewhere insecure. ...
    (Securiteam)
  • Re: 2003 Web Server Security flaw
    ... "Locked-down windows 2003 Web Server used only to host web sites". ... What is your logic/rationale for Media Player being a required install ... The Media Player patch was the ONLY that FAILED. ... > When talking about computer security, there are areas that have no such ...
    (microsoft.public.windows.server.security)
  • Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)
    ... SECURITY PROBLEMS WITH WEB SERVERS' SESSION TRACKING MECHANISMS. ... 2001 we reported the following problem (with specifics to IIS and SITESERVER) to the Microsoft Security Response Center. ... These vulnerabilities, especially when combined with well-known cross-site scripting vulnerabilities, could cause loss of confidentiality, failure of non-repudiation and fraud. ... The browser stores and returns the "ASPSESSIONID" or "CFID/CFTOKEN" values with each subsequent request to the web server. ...
    (Vuln-Dev)
  • [NT] Easy File Sharing Web Server File Access and DoS
    ... Get your security news from a reliable source. ... Easy File Sharing Web Server also provides a Bulletin Board System ... It allows remote users to post messages and files to the forum. ...
    (Securiteam)