Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4563

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4563
Last Modified 05 Jan 2012 12:00:00
Published 11 Mar 2009 10:19:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4563

Summary

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

Vulnerable Systems

Application

  • Ibm Tivoli Storage Manager 5.2

  • Ibm Tivoli Storage Manager 5.3

  • Ibm Tivoli Storage Manager 5.3.0

  • Ibm Tivoli Storage Manager 5.3.1

  • Ibm Tivoli Storage Manager 5.3.2

  • Ibm Tivoli Storage Manager 5.3.2.4

  • Ibm Tivoli Storage Manager 5.3.3

  • Ibm Tivoli Storage Manager 5.3.4

  • Ibm Tivoli Storage Manager 5.3.5.1

  • Ibm Tivoli Storage Manager 5.4.0

  • Ibm Tivoli Storage Manager 5.4.1

  • Ibm Tivoli Storage Manager 5.4.2

  • Ibm Tivoli Storage Manager 5.4.2.2

  • Ibm Tivoli Storage Manager 5.4.2.3

  • Ibm Tivoli Storage Manager 5.4.2.4

  • Ibm Tivoli Storage Manager 5.4.4.0

  • Ibm Tivoli Storage Manager Express 5.3

  • Ibm Tivoli Storage Manager Express 5.3.3.0

  • Ibm Tivoli Storage Manager Express 5.3.6.4

  • Ibm Tivoli Storage Manager Express 5.3.7.3


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21377388

XF - tivoli-tsm-adsmdll-bo(49188)

VUPEN - ADV-2009-0669

BID - 34077

SECTRACK - 1021837

SECUNIA - 34245

OSVDB - 52617

IDEFENSE - 20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability

FULLDISC - 20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption


Last Updated: 27 May 2016 10:48:32