CVE-2006-5855

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) versions prior to 5.2.9 IBM Tivoli Storage Manager (TSM) versions 5.3.x prior to 5.3.4

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in several fields. This includes the language field at logon that begins with a 0x18 byte, two unspecified parameters to the SmExecuteWdsfSession function, and the contact field in an open registration message.

Recommendations For IBM Tivoli Storage Manager (TSM) versions prior to 5.2.9, update to version 5.2.9 or later. For IBM Tivoli Storage Manager (TSM) versions 5.3.x prior to 5.3.4, update to version 5.3.4 or later. As a temporary workaround, consider restricting access to the SmExecuteWdsfSession function and limiting the length of input in the language and contact fields to prevent exploitation.