Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE ID: CVE-2007-4880
Last Modified: 07 Mar 2011 09:59:21
Published: 27 Sep 2007 08:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4880

Summary

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.

Vulnerable Systems

Application

  • IBM Tivoli Storage Manager Client 5.1

  • IBM Tivoli Storage Manager Client 5.1.8.0

  • IBM Tivoli Storage Manager Client 5.2

  • IBM Tivoli Storage Manager Client 5.2.5.1

  • IBM Tivoli Storage Manager Client 5.3

  • IBM Tivoli Storage Manager Client 5.3.5.2

  • IBM Tivoli Storage Manager Client 5.4

  • IBM Tivoli Storage Manager Client 5.4.1.1


References

BID - 25743

AIXAPAR - IC52905

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21268775

XF - ibm-tsm-cad-bo(36700)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-054.html

VUPEN - ADV-2007-3228

SECTRACK - 1018725

BUGTRAQ - 20070924 ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability

SECUNIA - 26883

OSVDB - 38161

SREASON - 3184


Last Updated: 27 May 2016 10:45:58