Critical

CVE-2008-4563 - Buffer Errors vulnerability in IBM Tivoli Storage Manager Express

Publication: 2009-03-11

Summary

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

Classification

CWE-119: Buffer Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • IBM Tivoli Storage Manager 5.2
  • IBM Tivoli Storage Manager Express 5.3
  • IBM Tivoli Storage Manager 5.3
  • IBM Tivoli Storage Manager 5.3.0
  • IBM Tivoli Storage Manager 5.3.1
  • IBM Tivoli Storage Manager 5.3.2.4
  • IBM Tivoli Storage Manager 5.3.2
  • IBM Tivoli Storage Manager 5.3.3
  • IBM Tivoli Storage Manager Express 5.3.3.0
  • IBM Tivoli Storage Manager 5.3.4
  • IBM Tivoli Storage Manager 5.3.5.1
  • IBM Tivoli Storage Manager Express 5.3.6.4
  • IBM Tivoli Storage Manager Express 5.3.7.3
  • IBM Tivoli Storage Manager 5.4.0
  • IBM Tivoli Storage Manager 5.4.1
  • IBM Tivoli Storage Manager 5.4.2.3
  • IBM Tivoli Storage Manager 5.4.2.4
  • IBM Tivoli Storage Manager 5.4.2.2
  • IBM Tivoli Storage Manager 5.4.2
  • IBM Tivoli Storage Manager 5.4.4.0