Lucene search

MitreCVE-2010-3759

HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3759

2010-10-0522:00:06

CWE-94

mitre

web.nvd.nist.gov

cve-2010-3759

ibm tivoli storage manager

fastback

remote code execution

udp packet

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.062

Percentile

93.7%

JSON

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058.

Affected configurations

Nvd

Node

ibmtivoli_storage_manager_fastbackMatch5.5.0

ibmtivoli_storage_manager_fastbackMatch5.5.1

ibmtivoli_storage_manager_fastbackMatch5.5.2

ibmtivoli_storage_manager_fastbackMatch5.5.2.0

ibmtivoli_storage_manager_fastbackMatch5.5.3.0

ibmtivoli_storage_manager_fastbackMatch5.5.4.0

ibmtivoli_storage_manager_fastbackMatch5.5.5.0

ibmtivoli_storage_manager_fastbackMatch5.5.6.0

ibmtivoli_storage_manager_fastbackMatch6.1.0.0

ibmtivoli_storage_manager_fastbackMatch6.1.0.1

VendorProductVersionCPE
ibmtivoli_storage_manager_fastback5.5.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.1cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.2cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.2.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.3.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.4.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.5.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback5.5.6.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback6.1.0.0cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_fastback6.1.0.1cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager_fastback	5.5.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0:::::::*
ibm	tivoli_storage_manager_fastback	5.5.1	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1:::::::*
ibm	tivoli_storage_manager_fastback	5.5.2	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2:::::::*
ibm	tivoli_storage_manager_fastback	5.5.2.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0:::::::*
ibm	tivoli_storage_manager_fastback	5.5.3.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0:::::::*
ibm	tivoli_storage_manager_fastback	5.5.4.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0:::::::*
ibm	tivoli_storage_manager_fastback	5.5.5.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0:::::::*
ibm	tivoli_storage_manager_fastback	5.5.6.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0:::::::*
ibm	tivoli_storage_manager_fastback	6.1.0.0	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:::::::*
ibm	tivoli_storage_manager_fastback	6.1.0.1	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IC69883

www.ibm.com/support/docview.wss?uid=swg21443820

www.securityfocus.com/archive/1/514068/100/0/threaded

zerodayinitiative.com/advisories/ZDI-10-179/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.062

Percentile

93.7%

JSON

Related for CVE-2010-3759