Vulnerability CVE-2008-4563
Published: 2009-03-11   Modified: 2012-02-12

Description:
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Tivoli storage manager 
IBM -> Tivoli storage manager express 

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg21377388
http://xforce.iss.net/xforce/xfdb/49188
http://www.vupen.com/english/advisories/2009/0669
http://www.securityfocus.com/bid/34077
http://securitytracker.com/id?1021837
http://secunia.com/advisories/34245
http://osvdb.org/52617
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
Copyright 2024, cxsecurity.com

 

Back to Top