Vulnerability Details CVE-2006-5855
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.645
EPSS Ranking 98.3%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/23177
- http://securityreason.com/securityalert/1979
- http://securitytracker.com/id?1017333
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347
- http://www-1.ibm.com/support/docview.wss?uid=swg21250261
- http://www.kb.cert.org/vuls/id/350625
- http://www.kb.cert.org/vuls/id/478753
- http://www.kb.cert.org/vuls/id/887249
- http://www.securityfocus.com/archive/1/453544/100/0/threaded
- http://www.securityfocus.com/bid/21440
- http://www.tippingpoint.com/security/advisories/TSRT-06-14.html
- http://www.vupen.com/english/advisories/2006/4856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30701
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30702
- http://secunia.com/advisories/23177
- http://securityreason.com/securityalert/1979
- http://securitytracker.com/id?1017333
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347
- http://www-1.ibm.com/support/docview.wss?uid=swg21250261
- http://www.kb.cert.org/vuls/id/350625
- http://www.kb.cert.org/vuls/id/478753
- http://www.kb.cert.org/vuls/id/887249
- http://www.securityfocus.com/archive/1/453544/100/0/threaded
- http://www.securityfocus.com/bid/21440
- http://www.tippingpoint.com/security/advisories/TSRT-06-14.html
- http://www.vupen.com/english/advisories/2006/4856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30701
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30702
Products affected by CVE-2006-5855
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3