Vulnerability Details CVE-2010-3756
The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
- http://www.ibm.com/support/docview.wss?uid=swg21443820
- http://www.securityfocus.com/archive/1/514070/100/0/threaded
- http://zerodayinitiative.com/advisories/ZDI-10-186/
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
- http://www.ibm.com/support/docview.wss?uid=swg21443820
- http://www.securityfocus.com/archive/1/514070/100/0/threaded
- http://zerodayinitiative.com/advisories/ZDI-10-186/
Products affected by CVE-2010-3756
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.1