Intrusion Prevention

IBM.Tivoli.Storage.Manager.Express.Backup.Heap.Corruption

Description

This indicates an attack attempt against a buffer-overflow vulnerability in IBM Tivoli Storage Manager.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted message. It allows a remote attacker to execute arbitrary code.

Affected Products

IBM Tivoli Storage Manager Express 5.3.7 3
IBM Tivoli Storage Manager Express 5.3
IBM Tivoli Storage Manager 5.4.4 .0
IBM Tivoli Storage Manager 5.4.2 4
IBM Tivoli Storage Manager 5.4.2 3
IBM Tivoli Storage Manager 5.4.2 2
IBM Tivoli Storage Manager 5.3.6 9
IBM Tivoli Storage Manager 5.3.6 2
IBM Tivoli Storage Manager 5.3.6 1
IBM Tivoli Storage Manager 5.3.4
IBM Tivoli Storage Manager 5.2.9
IBM Tivoli Storage Manager 5.2.5 3
IBM Tivoli Storage Manager 5.2.5 2
IBM Tivoli Storage Manager 5.2.4
IBM Tivoli Storage Manager 5.1.8 2
IBM Tivoli Storage Manager 5.1.8 1
IBM Tivoli Storage Manager 4.2.1 .32
IBM Tivoli Storage Manager 4.2.1 .15
IBM Tivoli Storage Manager 4.2.1
IBM Tivoli Storage Manager 4.2
IBM Tivoli Storage Manager 5.4
IBM Tivoli Storage Manager 5.3.5.1
IBM Tivoli Storage Manager 5.3.2.4
IBM Tivoli Storage Manager 5.3

Impact

System Compromise

Recommended Actions

Apply the patch available at the following web site:
http://www-01.ibm.com/support/docview.wss?uid=swg21377388

CVE References

CVE-2008-4563