CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS Percentile: 99.6%
Added: 10/26/2007
CVE: CVE-2007-4880
BID: 25743
OSVDB: 38161
IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon (CAD) on port 1581/TCP.
A buffer overflow vulnerability in Tivoli Storage Manager Express allows remote attackers to execute arbitrary commands by sending a long, specially crafted HTTP Host header to the Client Acceptor Daemon.
Apply the appropriate patch from IBM.
<http://www.zerodayinitiative.com/advisories/ZDI-07-054.html>
Exploit works on IBM Tivoli Storage Manager Express Client 5.3.
Windows 2000
Windows XP