Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2008-4828
Last Modified 19 May 2009 01:28:50
Published 05 May 2009 01:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4828

Summary

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

Vulnerable Systems

Application

  • IBM Tivoli Storage Manager Client 5.1
  • IBM Tivoli Storage Manager Client 5.1.8.0
  • IBM Tivoli Storage Manager Client 5.1.8.2
  • IBM Tivoli Storage Manager Client 5.2
  • IBM Tivoli Storage Manager Client 5.2.5.1
  • IBM Tivoli Storage Manager Client 5.2.5.2
  • IBM Tivoli Storage Manager Client 5.2.5.3
  • IBM Tivoli Storage Manager Client 5.3
  • IBM Tivoli Storage Manager Client 5.3.5.2
  • IBM Tivoli Storage Manager Client 5.3.5.3
  • IBM Tivoli Storage Manager Client 5.3.6.3
  • IBM Tivoli Storage Manager Client 5.3.6.4
  • IBM Tivoli Storage Manager Client 5.4
  • IBM Tivoli Storage Manager Client 5.4.1.1
  • IBM Tivoli Storage Manager Client 5.4.1.2
  • IBM Tivoli Storage Manager Client 5.4.1.96
  • IBM Tivoli Storage Manager Express 5.3
  • IBM Tivoli Storage Manager Express 5.3.3.0
  • IBM Tivoli Storage Manager Express 5.3.6.4


References

AIXAPAR - IC59513

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21384389

XF - ibm-tsm-dsmagent-bo(50327)

VUPEN - ADV-2009-1235

BUGTRAQ - 20090504 Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows

MISC - http://secunia.com/secunia_research/2008-55/

SECUNIA - 32604

OSVDB - 54232

OSVDB - 54231


Last Updated: 27 May 2016 10:48:38