Vulnerability Details CVE-2008-4563
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.37
EPSS Ranking 96.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
- http://osvdb.org/52617
- http://secunia.com/advisories/34245
- http://securitytracker.com/id?1021837
- http://www-01.ibm.com/support/docview.wss?uid=swg21377388
- http://www.securityfocus.com/bid/34077
- http://www.vupen.com/english/advisories/2009/0669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49188
- http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
- http://osvdb.org/52617
- http://secunia.com/advisories/34245
- http://securitytracker.com/id?1021837
- http://www-01.ibm.com/support/docview.wss?uid=swg21377388
- http://www.securityfocus.com/bid/34077
- http://www.vupen.com/english/advisories/2009/0669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49188
Products affected by CVE-2008-4563
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.2
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4
-
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3
-
cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4
-
cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista