Vigil@nce - IBM TSM: privilege escalation
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can trigger a buffer overflow in IBM TSM, in
order to cause a denial of service, and possibly to execute code.
– Impacted products: Tivoli Storage Manager
– Severity: 2/4
– Creation date: 02/02/2015
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Storage Manager product installs suid root programs.
However, if the size of the data is greater than the size of the
storage array, an overflow occurs in one of these programs.
Technical details are unknown.
A local attacker can therefore trigger a buffer overflow in IBM
TSM, in order to cause a denial of service, and possibly to
execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-TSM-privilege-escalation-16092