IBM: Trivoli Storage Manager flaws can’t be exploited

Multiple buffer overflow vulnerabilities in IBM Tivoli Storage Manager (TSM), disclosed Monday by a security firm, cannot be exploited to compromise a user's system, Big Blue said today in an advisory.

"This problem relates to an internal buffer overflow in TSM, but IBM does not believe it is possible to exploit this buffer overflow for remote code execution," the advisory said. "However, this exposure can be used to crash the TSM server."

Intrusion prevention system provider TippingPoint reported Monday that TSM, which provides automatic data backup and centralized storage management, suffers from vulnerabilities that do not require authentication and can lead to the execution of arbitrary code. The bugs are related to the way in which the solution process messages on the transmission protocol control (TCP) port 1500.

"As no validation is done on the index fields, an attacker can force the service to look beyond the end of the packet, often landing in the unallocated memory and resulting in a denial of service," the TippingPoint advisory said.

Secunia, which rated the flaws "moderately critical" in an advisory today, recommends users apply a patch that IBM has made available.

Click here to email Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.