CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-4828

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile4.00th
Published2009年5月5日
Last Modified2026年4月23日

Vulnerability Description

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

Affected Platforms (CPE)

📦
Ibm

Tivoli Storage Manager Client

= 5.1
📦
Ibm

Tivoli Storage Manager Client

= 5.1.8.0
📦
Ibm

Tivoli Storage Manager Client

= 5.1.8.2
📦
Ibm

Tivoli Storage Manager Client

= 5.2
📦
Ibm

Tivoli Storage Manager Client

= 5.2.5.1
📦
Ibm

Tivoli Storage Manager Client

= 5.2.5.2
📦
Ibm

Tivoli Storage Manager Client

= 5.2.5.3
📦
Ibm

Tivoli Storage Manager Client

= 5.3
📦
Ibm

Tivoli Storage Manager Client

= 5.3.5.2
📦
Ibm

Tivoli Storage Manager Client

= 5.3.5.3
📦
Ibm

Tivoli Storage Manager Client

= 5.3.6.3
📦
Ibm

Tivoli Storage Manager Client

= 5.3.6.4
📦
Ibm

Tivoli Storage Manager Client

= 5.4
📦
Ibm

Tivoli Storage Manager Client

= 5.4.1.1
📦
Ibm

Tivoli Storage Manager Client

= 5.4.1.2
📦
Ibm

Tivoli Storage Manager Client

= 5.4.1.96
📦
Ibm

Tivoli Storage Manager Express

= 5.3
📦
Ibm

Tivoli Storage Manager Express

= 5.3.3.0
📦
Ibm

Tivoli Storage Manager Express

= 5.3.6.4

References & Advisories

🔗 http://osvdb.org/54231
🔗 http://osvdb.org/54232
🔗 http://secunia.com/advisories/32604
🔗 http://secunia.com/secunia_research/2008-55/
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21384389
🔗 http://www-1.ibm.com/support/docview.wss?uid=swg1IC59513
🔗 http://www.securityfocus.com/archive/1/503182/100/0/threaded
🔗 http://www.vupen.com/english/advisories/2009/1235

関連する脆弱性情報

CVE-2009-152010.0

Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5....

CVE-2008-480110.0

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the...

CVE-2007-488010.0

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5....

CVE-2009-086910.0

Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0....