CVE-2008-4828: Buffer Overflow
First published: Tue May 05 2009(Updated: )
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Tivoli Storage Manager Client | =5.2.5.2 | |
| Ibm Tivoli Storage Manager Client | =5.1 | |
| Ibm Tivoli Storage Manager Express | =5.3.6.4 | |
| Ibm Tivoli Storage Manager Client | =5.3.6.3 | |
| Ibm Tivoli Storage Manager Client | =5.4.1.2 | |
| Ibm Tivoli Storage Manager Express | =5.3.3.0 | |
| Ibm Tivoli Storage Manager Client | =5.3 | |
| Ibm Tivoli Storage Manager Client | =5.4.1.1 | |
| Ibm Tivoli Storage Manager Client | =5.2.5.1 | |
| Ibm Tivoli Storage Manager Client | =5.1.8.2 | |
| Ibm Tivoli Storage Manager Client | =5.2.5.3 | |
| Ibm Tivoli Storage Manager Client | =5.4.1.96 | |
| Ibm Tivoli Storage Manager Client | =5.2 | |
| Ibm Tivoli Storage Manager Client | =5.3.5.3 | |
| Ibm Tivoli Storage Manager Client | =5.4 | |
| Ibm Tivoli Storage Manager Client | =5.3.5.2 | |
| Ibm Tivoli Storage Manager Client | =5.1.8.0 | |
| Ibm Tivoli Storage Manager Express | =5.3 | |
| Ibm Tivoli Storage Manager Client | =5.3.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=swg21384389
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC59513
- http://secunia.com/secunia_research/2008-55/
- http://osvdb.org/54232
- http://osvdb.org/54231
- http://secunia.com/advisories/32604
- http://www.vupen.com/english/advisories/2009/1235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50327
- http://www.securityfocus.com/archive/1/503182/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/author
- agent/description
- agent/tags
- agent/event
- vendor/ibm
- canonical/ibm tivoli storage manager client
- version/ibm tivoli storage manager client/5.2.5.2
- version/ibm tivoli storage manager client/5.1
- canonical/ibm tivoli storage manager express
- version/ibm tivoli storage manager express/5.3.6.4
- version/ibm tivoli storage manager client/5.3.6.3
- version/ibm tivoli storage manager client/5.4.1.2
- version/ibm tivoli storage manager express/5.3.3.0
- version/ibm tivoli storage manager client/5.3
- version/ibm tivoli storage manager client/5.4.1.1
- version/ibm tivoli storage manager client/5.2.5.1
- version/ibm tivoli storage manager client/5.1.8.2
- version/ibm tivoli storage manager client/5.2.5.3
- version/ibm tivoli storage manager client/5.4.1.96
- version/ibm tivoli storage manager client/5.2
- version/ibm tivoli storage manager client/5.3.5.3
- version/ibm tivoli storage manager client/5.4
- version/ibm tivoli storage manager client/5.3.5.2
- version/ibm tivoli storage manager client/5.1.8.0
- version/ibm tivoli storage manager express/5.3
- version/ibm tivoli storage manager client/5.3.6.4