CVE-2008-4828

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager Client; Tivoli Storage Manager Express
Vendor: CVE Published:; 5 May 2009

Summary

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

References

http://secunia.com/secunia_research/2008-55/

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=swg21384389

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/1235

vdb-entryx_refsource_VUPEN

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 5, 2009
Vulnerability Reserved
Oct 31, 2008