| Vulnerability Name: | CVE-2008-4801 (CCN-46208) | ||||||||
| Assigned: | 2008-10-29 | ||||||||
| Published: | 2008-10-29 | ||||||||
| Updated: | 2018-11-02 | ||||||||
| Summary: | Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4801 Source: CCN Type: SA32465 IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability Source: SECUNIA Type: Third Party Advisory 32465 Source: CCN Type: SECTRACK ID: 1021122 IBM Tivoli Storage Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: IBM Tivoli Storage Manager Web site Tivoli Storage Manager Source: CCN Type: IBM APAR IC56773 TSM CLIENT BUFFER OVERRUN Source: CCN Type: IBM Support & downloads TSM client buffer overrun security vulnerability Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21322623 Source: AIXAPAR Type: Vendor Advisory IC56773 Source: CCN Type: OSVDB ID: 49442 IBM Tivoli Storage Manager (TSM) Express for Microsoft SQL SQL CAD Data Protection (dsmcat.exe) Remote Overflow Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20081030 ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability Source: BID Type: Patch, Third Party Advisory, VDB Entry 31988 Source: CCN Type: BID-31988 IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1021122 Source: VUPEN Type: Third Party Advisory ADV-2008-2969 Source: MISC Type: Patch, Third Party Advisory, VDB Entry http://www.zerodayinitiative.com/advisories/ZDI-08-071/ Source: XF Type: Third Party Advisory, VDB Entry ibm-tsm-backuparchiveclient-bo(46208) Source: XF Type: UNKNOWN ibm-tsm-backuparchiveclient-bo(46208) Source: CCN Type: ZDI-08-071 IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||