7.2

CVE-2010-4604

Exploit
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmTivoli Storage Manager Version >= 5.3.0 <= 5.3.6.7
   LinuxLinux Kernel Version-
IbmTivoli Storage Manager Version >= 5.4.0 <= 5.4.3.3
   LinuxLinux Kernel Version-
IbmTivoli Storage Manager Version >= 5.5.0 <= 5.5.2.7
   LinuxLinux Kernel Version-
IbmTivoli Storage Manager Version >= 6.1.0 <= 6.1.3
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.562
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://secunia.com/advisories/42639
Vendor Advisory
Broken Link
http://securitytracker.com/id?1024901
Third Party Advisory
Broken Link
VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
Broken Link
http://www.exploit-db.com/exploits/15745
Third Party Advisory
Exploit
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21454745
Vendor Advisory
Broken Link
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
Exploit
Broken Link
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
Broken Link
http://www.securityfocus.com/archive/1/515263/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/3251
Vendor Advisory
Broken Link