|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-07-21 | |
| Rule Name: | IBM Tivoli Storage Manager Client dsmagent.exe NodeName Buffer Overflow Vulnerability -3 (CVE-2008-4828) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Windows | |
| Reference: | http://www-01.ibm.com/support/docview.wss?uid=swg21384389 http://www-1.ibm.com/support/docview.wss?uid=swg1IC59513 http://www.securityfocus.com/archive/1/503182/100/0/threaded http://www.vupen.com/english/advisories/2009/1235 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www-01.ibm.com/support/docview.wss?uid=swg21384389 |