CVE-2008-4563: Buffer Overflow
First published: Wed Mar 11 2009(Updated: )
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Operating System | ||
| IBM Tivoli Storage Manager | =5.2 | |
| IBM Tivoli Storage Manager | =5.3 | |
| IBM Tivoli Storage Manager | =5.3.0 | |
| IBM Tivoli Storage Manager | =5.3.1 | |
| IBM Tivoli Storage Manager | =5.3.2 | |
| IBM Tivoli Storage Manager | =5.3.2.4 | |
| IBM Tivoli Storage Manager | =5.3.3 | |
| IBM Tivoli Storage Manager | =5.3.4 | |
| IBM Tivoli Storage Manager | =5.3.5.1 | |
| IBM Tivoli Storage Manager | =5.4.0 | |
| IBM Tivoli Storage Manager | =5.4.1 | |
| IBM Tivoli Storage Manager | =5.4.2 | |
| IBM Tivoli Storage Manager | =5.4.2.2 | |
| IBM Tivoli Storage Manager | =5.4.2.3 | |
| IBM Tivoli Storage Manager | =5.4.2.4 | |
| IBM Tivoli Storage Manager | =5.4.4.0 | |
| IBM Tivoli Storage Manager Express | =5.3 | |
| IBM Tivoli Storage Manager Express | =5.3.3.0 | |
| IBM Tivoli Storage Manager Express | =5.3.6.4 | |
| IBM Tivoli Storage Manager Express | =5.3.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
- http://secunia.com/advisories/34245
- http://www.securityfocus.com/bid/34077
- http://www-01.ibm.com/support/docview.wss?uid=swg21377388
- http://www.vupen.com/english/advisories/2009/0669
- http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
- http://securitytracker.com/id?1021837
- http://osvdb.org/52617
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49188
Frequently Asked Questions
What is the severity of CVE-2008-4563?
CVE-2008-4563 is considered a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2008-4563?
To fix CVE-2008-4563, upgrade the affected IBM Tivoli Storage Manager to version 5.3.6.0 or later, or to version 5.4.5.0 or later.
What versions are affected by CVE-2008-4563?
CVE-2008-4563 affects IBM Tivoli Storage Manager versions 5.2 and 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0.
What type of vulnerability is CVE-2008-4563?
CVE-2008-4563 is a heap-based buffer overflow vulnerability.
What software uses the vulnerable adsmdll.dll in CVE-2008-4563?
The vulnerable adsmdll.dll is used by the daemon (dsmsvc.exe) in IBM Tivoli Storage Manager.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/ibm
- canonical/ibm tivoli storage manager
- version/ibm tivoli storage manager/5.2
- version/ibm tivoli storage manager/5.3
- version/ibm tivoli storage manager/5.3.0
- version/ibm tivoli storage manager/5.3.1
- version/ibm tivoli storage manager/5.3.2
- version/ibm tivoli storage manager/5.3.2.4
- version/ibm tivoli storage manager/5.3.3
- version/ibm tivoli storage manager/5.3.4
- version/ibm tivoli storage manager/5.3.5.1
- version/ibm tivoli storage manager/5.4.0
- version/ibm tivoli storage manager/5.4.1
- version/ibm tivoli storage manager/5.4.2
- version/ibm tivoli storage manager/5.4.2.2
- version/ibm tivoli storage manager/5.4.2.3
- version/ibm tivoli storage manager/5.4.2.4
- version/ibm tivoli storage manager/5.4.4.0
- canonical/ibm tivoli storage manager express
- version/ibm tivoli storage manager express/5.3
- version/ibm tivoli storage manager express/5.3.3.0
- version/ibm tivoli storage manager express/5.3.6.4
- version/ibm tivoli storage manager express/5.3.7.3