ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
From: [email protected]
To: [email protected], [email protected],
Subject: ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006
Sender: [email protected]
Message-ID: <OFB132DFC5.AB4657A5-ON88257360.0079848A-88257360.007A7D21@3com.com.>
Date: Mon, 24 Sep 2007 15:17:55 -0700
X-MIMETrack: Serialize by Router on USUT001/US/3Com(Release 6.5.5FP2|October 23, 2006) at 09/24/2007 03:17:57 PM, Serialize complete at 09/24/2007 03:17:57 PM
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: base64
X-Virus-Scanned: antivirus-gw at tyumen.ru