製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM TSM におけるバッファオーバーフローの脆弱性

Title	IBM TSM におけるバッファオーバーフローの脆弱性
Summary	IBM Tivoli Storage Manager (TSM) には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、以下に含まれる過度に長い文字列を介して、サービス運用妨害 (クラッシュ) 状態にされる、および任意のコードを実行される可能性があります。 (1) 0x18 バイトで始まるログオンの language フィールド (2) SmExecuteWdsfSession 関数へのパラメータ (3) オープン登録メッセージ内の contact フィールド
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 6, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

IBM

IBM Spectrum Protect (旧 Tivoli Storage Manager) 5.2.9 未満および 5.3.4 未満の 5.3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5855	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5855
National Vulnerability Database (NVD)
2	CVE-2006-5855	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855

ベンダー情報

No	Name	URL
IBM
1	Tivoli Storage Manager	http://www-947.ibm.com/support/entry/portal/overview//software/tivoli/tivoli_storage_manager

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#350625	http://www.kb.cert.org/vuls/id/350625
2	VU#478753	http://www.kb.cert.org/vuls/id/478753
3	VU#887249	http://www.kb.cert.org/vuls/id/887249

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5855

Summary	Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
Summary	Múltiples desbordamientos de búfer en IBM Tivoli Storage Manager (TSM) anterior a 5.2.9 y 5.3.x anterior a 5.3.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante mediante una cadena larga en (1) el campo language al comenzar la sesión que empieza con un byte 0x18, (2) dos parámetros no especificados a la función SmExecuteWdsfSession , y (3) el campo contact en un mensaje de registro abierto.
Publication Date	Dec. 7, 2006, 4:28 a.m.
Registration Date	Jan. 29, 2021, 3:49 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/23177	cve@mitre.org
2	http://securityreason.com/securityalert/1979	cve@mitre.org
3	http://securitytracker.com/id?1017333	cve@mitre.org
4	http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347	cve@mitre.org
5	http://www-1.ibm.com/support/docview.wss?uid=swg21250261	cve@mitre.org
6	http://www.kb.cert.org/vuls/id/350625	cve@mitre.org
7	http://www.kb.cert.org/vuls/id/478753	cve@mitre.org
8	http://www.kb.cert.org/vuls/id/887249	cve@mitre.org
9	http://www.securityfocus.com/archive/1/453544/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/bid/21440	cve@mitre.org
11	http://www.tippingpoint.com/security/advisories/TSRT-06-14.html	cve@mitre.org
12	http://www.vupen.com/english/advisories/2006/4856	cve@mitre.org
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/30699	cve@mitre.org
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/30701	cve@mitre.org
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/30702	cve@mitre.org
16	http://secunia.com/advisories/23177	af854a3a-2127-422b-91ae-364da2661108
17	http://securityreason.com/securityalert/1979	af854a3a-2127-422b-91ae-364da2661108
18	http://securitytracker.com/id?1017333	af854a3a-2127-422b-91ae-364da2661108
19	http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347	af854a3a-2127-422b-91ae-364da2661108
20	http://www-1.ibm.com/support/docview.wss?uid=swg21250261	af854a3a-2127-422b-91ae-364da2661108
21	http://www.kb.cert.org/vuls/id/350625	af854a3a-2127-422b-91ae-364da2661108
22	http://www.kb.cert.org/vuls/id/478753	af854a3a-2127-422b-91ae-364da2661108
23	http://www.kb.cert.org/vuls/id/887249	af854a3a-2127-422b-91ae-364da2661108
24	http://www.securityfocus.com/archive/1/453544/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
25	http://www.securityfocus.com/bid/21440	af854a3a-2127-422b-91ae-364da2661108
26	http://www.tippingpoint.com/security/advisories/TSRT-06-14.html	af854a3a-2127-422b-91ae-364da2661108
27	http://www.vupen.com/english/advisories/2006/4856	af854a3a-2127-422b-91ae-364da2661108
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/30699	af854a3a-2127-422b-91ae-364da2661108
29	https://exchange.xforce.ibmcloud.com/vulnerabilities/30701	af854a3a-2127-422b-91ae-364da2661108
30	https://exchange.xforce.ibmcloud.com/vulnerabilities/30702	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*