Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2008-4801
Last Modified 07 Mar 2011 10:13:19
Published 30 Oct 2008 08:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4801

Summary

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Vulnerable Systems

Application

  • IBM Tivoli Storage Manager 5.2.7
  • IBM Tivoli Storage Manager 5.2.8
  • IBM Tivoli Storage Manager 5.2.9
  • IBM Tivoli Storage Manager 5.3.1
  • IBM Tivoli Storage Manager 5.3.2
  • IBM Tivoli Storage Manager 5.3.3
  • IBM Tivoli Storage Manager Client 5.1
  • IBM Tivoli Storage Manager Client 5.1.8.0
  • IBM Tivoli Storage Manager Client 5.1.8.1
  • IBM Tivoli Storage Manager Client 5.2
  • IBM Tivoli Storage Manager Client 5.2.5.1
  • IBM Tivoli Storage Manager Client 5.2.5.2
  • IBM Tivoli Storage Manager Client 5.3
  • IBM Tivoli Storage Manager Client 5.3.5.2
  • IBM Tivoli Storage Manager Client 5.3.5.3
  • IBM Tivoli Storage Manager Client 5.3.6.1
  • IBM Tivoli Storage Manager Client 5.4
  • IBM Tivoli Storage Manager Client 5.4.1.1
  • IBM Tivoli Storage Manager Client 5.4.1.2
  • IBM Tivoli Storage Manager Client 5.4.2.2
  • IBM Tivoli Storage Manager Client 5.5.0.0
  • IBM Tivoli Storage Manager Client 5.5.0.91
  • IBM Tivoli Storage Manager Express


References

XF - ibm-tsm-backuparchiveclient-bo(46208)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-071/

BID - 31988

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21322623

SECUNIA - 32465

VUPEN - ADV-2008-2969

SECTRACK - 1021122

BUGTRAQ - 20081030 ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

AIXAPAR - IC56773


Last Updated: 27 May 2016 10:48:38