Summary
This host is installed with IBM TSM Client and is prone to heap based buffer overflow vulnerability.
Vulnerability exists due to an input validation error in TSM Backup-Archive client, which affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler service when the option 'SCHEDMODE' is set to 'PROMPTED'.
Impact
Successful exploitation could allow execution of arbitrary code or cause denial of service.
Impact Level: Application
Solution
Apply patch
http://www-01.ibm.com/support/docview.wss?uid=swg21322623
Affected
- IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.7 - IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2 - IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1 - IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2 - IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1 - IBM Tivoli Storage Manager (TSM) Express all levels
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4801 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
- Asterisk HTTP Manager Buffer Overflow Vulnerability
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)