ESB-2012.0478 - [Win] IBM Cognos: Execute arbitrary code/commands - Remote/unauthenticated
17 May 2012
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0478
             IBM Cognos tm1admsd.exe multiple buffer overflow
                                17 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Cognos
Publisher:         IBM
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0202

Original Bulletin:
   http://xforce.iss.net/xforce/xfdb/73182

--------------------------BEGIN INCLUDED TEXT--------------------

IBM Cognos tm1admsd.exe multiple buffer overflow

cognos-tm1admsd-bo (73182)

The risk level is classified as High

Description:

IBM Cognos is vulnerable to multiple stack-based buffer overflows, caused by
improper bounds checking by the tm1admsd.exe binary. By sending a
specially-crafted packet, a remote attacker could exploit this vulnerability
to overflow a buffer and execute arbitrary code on the system with elevated
privileges or cause the application to crash.

CVSS:

Base Score:              10
Access Vector:           Network
Access Complexity:       Low
Authentication:          None
Confidentiality Impact:  Complete
Integrity Impact:        Complete
Availability Impact:     Complete

Temporal Score:          7.4
Exploitability:          Unproven
Remediation Level:       Official-Fix
Report Confidence:       Confirmed

Consequences:

Gain Access

Remedy:

For IBM Cognos Express:
Refer to IBM Flash (Alert) 1590314 for patch, upgrade or suggested workaround
information. See References.

For IBM Cognos TM1:
Refer to IBM Security Bulletin 1592222 for patch, upgrade or suggested
workaround information. See References.

References:

  * IBM Flash (Alert) 1590314: Security Bulletin: IBM Cognos TM1 Admin Server
    vulnerabilities (CVE-2012-0202).
  * IBM Security Bulletin 1592222: IBM Cognos Express Admin Server
    vulnerabilities (CVE-2012-0202).
  * BID-52847: IBM Cognos TM1 Admin Server Remote Buffer Overflow
    Vulnerability
  * CVE-2012-0202: Multiple stack-based buffer overflows in tm1admsd.exe in
    the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow
    remote attackers to cause a denial of service (daemon crash) or possibly
    execute arbitrary code via crafted data.
  * SA48568: IBM Cognos TM1 Admin Server Buffer Overflow Vulnerability
  * SA49192: IBM Cognos Express ICAS Admin Server Buffer Overflow
    Vulnerability

Platforms Affected:

  * IBM Cognos Express 9.0
  * IBM Cognos Express 9.5
  * IBM Cognos TM1 9.4 MR1
  * IBM Cognos TM1 9.5

Reported:

Apr 09, 2012

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
firstname.lastname@example.org and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================