Lucene search

MitreCVE-2008-4563

HistoryMar 11, 2009 - 2:19 p.m.

CVE-2008-4563

2009-03-1114:19:15

CWE-119

mitre

web.nvd.nist.gov

ibm

tivoli

storage manager

tsm

express

buffer overflow

heap-based

vulnerability

nvd

cve-2008-4563

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.828

Percentile

98.4%

JSON

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

Affected configurations

Nvd

Node

microsoftwindows

AND

ibmtivoli_storage_managerMatch5.2

ibmtivoli_storage_managerMatch5.3

ibmtivoli_storage_managerMatch5.3.0

ibmtivoli_storage_managerMatch5.3.1

ibmtivoli_storage_managerMatch5.3.2

ibmtivoli_storage_managerMatch5.3.2.4

ibmtivoli_storage_managerMatch5.3.3

ibmtivoli_storage_managerMatch5.3.4

ibmtivoli_storage_managerMatch5.3.5.1

ibmtivoli_storage_managerMatch5.4.0

ibmtivoli_storage_managerMatch5.4.1

ibmtivoli_storage_managerMatch5.4.2

ibmtivoli_storage_managerMatch5.4.2.2

ibmtivoli_storage_managerMatch5.4.2.3

ibmtivoli_storage_managerMatch5.4.2.4

ibmtivoli_storage_managerMatch5.4.4.0

ibmtivoli_storage_manager_expressMatch5.3

ibmtivoli_storage_manager_expressMatch5.3.3.0

ibmtivoli_storage_manager_expressMatch5.3.6.4

ibmtivoli_storage_manager_expressMatch5.3.7.3

VendorProductVersionCPE
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.2cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.0cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.1cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.2cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.2.4cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.3cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.4cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.3.5.1cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
ibm	tivoli_storage_manager	5.2	cpe:2.3:a:ibm:tivoli_storage_manager:5.2:::::::*
ibm	tivoli_storage_manager	5.3	cpe:2.3:a:ibm:tivoli_storage_manager:5.3:::::::*
ibm	tivoli_storage_manager	5.3.0	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
ibm	tivoli_storage_manager	5.3.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
ibm	tivoli_storage_manager	5.3.2	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
ibm	tivoli_storage_manager	5.3.2.4	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:::::::*
ibm	tivoli_storage_manager	5.3.3	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*
ibm	tivoli_storage_manager	5.3.4	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:::::::*
ibm	tivoli_storage_manager	5.3.5.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:::::::*

Rows per page:

1-10 of 211

References

archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html

labs.idefense.com/intelligence/vulnerabilities/display.php?id=775

osvdb.org/52617

secunia.com/advisories/34245

securitytracker.com/id?1021837

www-01.ibm.com/support/docview.wss?uid=swg21377388

www.securityfocus.com/bid/34077

www.vupen.com/english/advisories/2009/0669

exchange.xforce.ibmcloud.com/vulnerabilities/49188

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.828

Percentile

98.4%

JSON

Related for CVE-2008-4563