CVE-2008-4801

Published Oct 31, 2008

Last updated 6 years ago

Overview

Description: Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB2004B-D192-466B-8D82-054DBF48CF46",
            "versionEndIncluding": "5.1.8.1",
            "versionStartIncluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47EB988A-4087-4AFA-B80D-2B9F4960FE67",
            "versionEndIncluding": "5.2.5.2",
            "versionStartIncluding": "5.2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B92E241-555F-4D68-B090-740DEA7CE674",
            "versionEndIncluding": "5.3.6.1",
            "versionStartIncluding": "5.3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B114A3EE-376F-4C45-8768-5D0BC4439808",
            "versionEndIncluding": "5.4.2.2",
            "versionStartIncluding": "5.4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29656C7B-3716-4042-9114-3E352B328C16",
            "versionEndIncluding": "5.5.0.91",
            "versionStartIncluding": "5.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF1C67A0-883B-4703-A6A7-1345AC65C32F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References