10

CVE-2008-4801

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Data is provided by the National Vulnerability Database (NVD)
IbmTivoli Storage Manager Client Version >= 5.1 <= 5.1.8.1
IbmTivoli Storage Manager Client Version >= 5.2 <= 5.2.5.2
IbmTivoli Storage Manager Client Version >= 5.3 <= 5.3.6.1
IbmTivoli Storage Manager Client Version >= 5.4 <= 5.4.2.2
IbmTivoli Storage Manager Client Version >= 5.5.0.0 <= 5.5.0.91
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 33.61% 0.965
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/31988
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1021122
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-071/
Patch
Third Party Advisory
VDB Entry