Summary
This host has IBM TSM Client installed and is prone to a heap-based buffer overflow vulnerability.
The vulnerability exists due to an input validation error in the TSM Backup-Archive client, which affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler service when the option 'SCHEDMODE' is set to 'PROMPTED'.
Impact
Successful exploitation could allow execution of arbitrary code or cause denial of service.
Impact Level: Application
Solution
Apply patch
http://www-01.ibm.com/support/docview.wss?uid=swg21322623
Affected
- IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.7
- IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2
- IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1
- IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2
- IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1
- IBM Tivoli Storage Manager (TSM) Express all levels
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-4801
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Avaya WinPDM Multiple Buffer Overflow Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
- Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
- Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability