CVE-2008-4828

Sažetak

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

Reference

http://osvdb.org/54231
http://osvdb.org/54232
http://secunia.com/advisories/32604
http://secunia.com/secunia_research/2008-55/
http://www.securityfocus.com/archive/1/503182/100/0/threaded
http://www.vupen.com/english/advisories/2009/1235
http://www-01.ibm.com/support/docview.wss?uid=swg21384389
http://www-1.ibm.com/support/docview.wss?uid=swg1IC59513
https://exchange.xforce.ibmcloud.com/vulnerabilities/50327

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2018 - 20:52

Objavljeno

05-05-2009 - 17:30