A fix is available
APAR status
Closed as program error.
Error description
IBM Tivoli Monitoring is vulnerable to a stack-based buffer overflow. Specially crafted input by a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Local fix
Problem summary
The IBM Tivoli Monitoring server is vulnerable to a stack-based buffer overflow. Specially crafted input by a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Problem conclusion
The fix for this APAR is contained in the following maintenance packages: The code has been changed to accept only fixed-length input buffers which eliminates any possible buffer overflow. | fix pack | 6.3.0-TIV-ITM-FP0002 | Interim Fix | 6.2.3-TIV-FP0005-IV85845 | Interim Fix | 6.2.2-TIV-FP0009-IV85845 See Security Bulletin fix links and details: http://www-01.ibm.com/support/docview.wss?uid=swg21984578
Temporary fix
Comments
APAR Information
APAR number
IV85845
Reported component name
TEMS
Reported component ID
5724C04MS
Reported release
630
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-06-19
Closed date
2018-09-27
Last modified date
2018-09-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TEMS
Fixed component ID
5724C04MS
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
08 March 2023