26th Sep 2002 [SBWID-5258]
COMMAND
	Tivoli Storage Manager webserver buffer overflow (client & server)
SYSTEMS AFFECTED
	Tivoli Storage Manager version 4.2.x.x.
PROBLEM
	Patrik Karlsson & Jonas Ländin of iXsecurity [http://www.ixsecurity.com] reported:
	 Client side
	 ===========
	A request for the URL A.AAAAA....approximately_1292_more_A's to the webserver
	running on port 1581 (TSM Client Acceptor) will result in a crash, overwriting
	EIP. The buffer overwriting EIP is in a widestring format, making it a little
	more difficult, although not impossible, to exploit.
	-Also-
	 Server side
	 ===========
	The webserver bound to 1580 (dsmsvc.exe) has a buffer overflow condition. If
	an attacker were to log in, using the login form, with a username approx.
	1976 characters long, he would overwrite EIP. This would lead to the service
	crashing, and the possibility of arbitrary code execution.
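	Both conditions above are overlong-input problems on two known ports: a long
	request target sent to 1581 and a long username in the login form posted to
	1580. Until the patches are applied, a proxy or IDS in front of the TSM web
	interfaces can flag such requests with a plain length check. The Python below
	is an added example for this advisory, not code from iXsecurity or Tivoli; the
	form field name `username`, the port set, the thresholds (chosen below the
	lengths reported above) and the sample requests are all assumptions or
	constructed test data.

```python
from urllib.parse import parse_qs

# Assumed thresholds: well below the ~1292-byte URL and ~1976-byte username
# reported in the advisory, but far above anything a legitimate TSM client
# or administrator would send.
MAX_TARGET_LEN = 1024
MAX_USERNAME_LEN = 512

# Ports named in the advisory: 1581 (client acceptor), 1580 (dsmsvc.exe).
TSM_WEB_PORTS = {1580, 1581}

# Assumed form field name; the advisory only says "username".
USERNAME_FIELD = "username"


def inspect_request(raw: bytes, dst_port: int) -> list:
    """Return a list of human-readable findings for one raw HTTP request.

    Only traffic to the TSM web ports is inspected. Two checks are made:
    the length of the request target (client-side issue) and the length of
    the username field in a form-encoded POST body (server-side issue).
    """
    findings = []
    if dst_port not in TSM_WEB_PORTS:
        return findings

    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) < 2:
        findings.append("malformed request line on port %d" % dst_port)
        return findings

    method, target = parts[0], parts[1]
    if len(target) > MAX_TARGET_LEN:
        findings.append(
            "request target length %d exceeds %d on port %d"
            % (len(target), MAX_TARGET_LEN, dst_port)
        )

    if method == b"POST" and body:
        # latin-1 never fails to decode, so a hostile body cannot
        # crash the inspector with a UnicodeDecodeError.
        fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for value in fields.get(USERNAME_FIELD, []):
            if len(value) > MAX_USERNAME_LEN:
                findings.append(
                    "username length %d exceeds %d on port %d"
                    % (len(value), MAX_USERNAME_LEN, dst_port)
                )
    return findings


# Constructed sample traffic (destination port, raw request bytes).
SAMPLE_REQUESTS = [
    # Overlong request target to the client acceptor port.
    (1581, b"GET /" + b"A" * 1300 + b" HTTP/1.0\r\nHost: backup\r\n\r\n"),
    # Overlong username posted to the server web interface.
    (1580, b"POST /login HTTP/1.0\r\nHost: backup\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           b"username=" + b"B" * 2000 + b"&password=x"),
    # Ordinary login, should produce no finding.
    (1580, b"POST /login HTTP/1.0\r\nHost: backup\r\n\r\nusername=admin&password=x"),
    # Long target to an unrelated port is out of scope for this check.
    (80, b"GET /" + b"A" * 2000 + b" HTTP/1.0\r\n\r\n"),
]


def scan(samples):
    """Run inspect_request over (port, raw) pairs; returns [(port, findings)]."""
    return [(port, inspect_request(raw, port)) for port, raw in samples]


if __name__ == "__main__":
    for port, findings in scan(SAMPLE_REQUESTS):
        print(port, findings or "ok")
```

	The check is deliberately dumb: it does not try to recognise the exact
	payloads from the advisory, only sizes that no legitimate request to these
	ports should reach, so it keeps working against variations of the same input.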
SOLUTION
	Apply client patch V4.2.1.32 from:
	
	http://www.tivoli.com/support/storage_mgr/clients.html
	
	and server patch V4.2.1.15 from:
	
	http://www.tivoli.com/support/storage_mgr/servers.html