Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow

Added: 05/11/2009
CVE: CVE-2008-4828
BID: 34803
OSVDB: 54232

Background

IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon (CAD) on ports 1581/TCP and 1582/TCP. The Client Acceptor Daemon, upon receiving a request over the network, starts the Remote Client Agent service (dsmagent.exe) which listens on port 1584/TCP.

Problem

A buffer overflow vulnerability in the Remote Client Agent service allows remote attackers to execute arbitrary commands by sending a dicuGetIdentify Request with a long, specially crafted NodeName parameter.

Resolution

Apply a security fix.

References

http://secunia.com/secunia_research/2008-55/

Limitations

Exploit works on Tivoli Storage Manager Backup Client 5.3.6.2.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index