Lucene search

SAINT CorporationSAINT:393926B992D2B260DC4D80AFD1486AA5

HistoryMar 12, 2009 - 12:00 a.m.

Tivoli Storage Manager heap corruption

2009-03-1200:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.828

Percentile

98.4%

JSON

Added: 03/12/2009
CVE: CVE-2008-4563
BID: 34077

Background

IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations.

Problem

A heap overflow allows remote attackers to execute arbitrary commands.

Resolution

Apply the workaround or solution described in the IBM advisory.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775>

Limitations

Exploit works on Tivoli Storage Manager Express Server 5.3.7.3 on Windows Server 2003.

Platforms

Windows

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.828

Percentile

98.4%

JSON

Related for SAINT:393926B992D2B260DC4D80AFD1486AA5