What is the severity of CVE-2009-3853?

CVE-2009-3853 is classified as a high-severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2009-3853?

To fix CVE-2009-3853, update IBM Tivoli Storage Manager to version 5.3.6.7 or later, or apply any relevant patches provided by IBM.

Which versions of IBM Tivoli Storage Manager are affected by CVE-2009-3853?

CVE-2009-3853 affects IBM Tivoli Storage Manager versions prior to 5.3.6.7, 5.4 prior to 5.4.3, 5.5 prior to 5.5.2.2, and 6.1 prior to 6.1.0.2.

What type of attack can exploit CVE-2009-3853?

CVE-2009-3853 can be exploited by remote attackers via a stack-based buffer overflow, allowing arbitrary code execution.

Is there a workaround for CVE-2009-3853 if updates cannot be applied?

If updates cannot be applied for CVE-2009-3853, restricting network access to the vulnerable Tivoli Storage Manager services may reduce exposure.

Vulnerability/
CVE-2009-3853

critical

9.3

CWE

119

4/11/2009

7/8/2024

CVE-2009-3853: Buffer Overflow

First published: Wed Nov 04 2009(Updated: )

Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Tivoli Storage Manager	=5.3.5
IBM Tivoli Storage Manager	=5.3.6.3
IBM Tivoli Storage Manager	=5.3.6.1
IBM Tivoli Storage Manager	=5.3.6.6
IBM Tivoli Storage Manager	=5.4.2
IBM Tivoli Storage Manager	=5.3.6.6
IBM Tivoli Storage Manager	=5.3.2.4
IBM Tivoli Storage Manager	=5.3.4
IBM Tivoli Storage Manager	=5.5.0
IBM Tivoli Storage Manager	=5.5.2
IBM Tivoli Storage Manager	=5.3.6.2
IBM Tivoli Storage Manager	=5.3.1
IBM Tivoli Storage Manager	=5.3.4
IBM Tivoli Storage Manager	=5.3.6
IBM Tivoli Storage Manager	=5.3.3
IBM Tivoli Storage Manager	=5.3.0
IBM Tivoli Storage Manager	=5.5.1
IBM Tivoli Storage Manager	=5.4.1
IBM Tivoli Storage Manager	=5.4.0
IBM Tivoli Storage Manager	=5.3.2
IBM Tivoli Storage Manager	=6.1.0
IBM Tivoli Storage Manager	=5.3.6.4
IBM Tivoli Storage Manager	=5.3.5.1
IBM Tivoli Storage Manager	=5.3
IBM Tivoli Storage Manager	=5.3.3
IBM Tivoli Storage Manager	=5.2.5.3
IBM Tivoli Storage Manager	=5.3.6.5

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21405562

Remedy

http://www.vupen.com/english/advisories/2009/3132

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3853?
CVE-2009-3853 is classified as a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2009-3853?
To fix CVE-2009-3853, update IBM Tivoli Storage Manager to version 5.3.6.7 or later, or apply any relevant patches provided by IBM.
Which versions of IBM Tivoli Storage Manager are affected by CVE-2009-3853?
CVE-2009-3853 affects IBM Tivoli Storage Manager versions prior to 5.3.6.7, 5.4 prior to 5.4.3, 5.5 prior to 5.5.2.2, and 6.1 prior to 6.1.0.2.
What type of attack can exploit CVE-2009-3853?
CVE-2009-3853 can be exploited by remote attackers via a stack-based buffer overflow, allowing arbitrary code execution.
Is there a workaround for CVE-2009-3853 if updates cannot be applied?
If updates cannot be applied for CVE-2009-3853, restricting network access to the vulnerable Tivoli Storage Manager services may reduce exposure.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm tivoli storage manager
version/ibm tivoli storage manager/5.3.5
version/ibm tivoli storage manager/5.3.6.3
version/ibm tivoli storage manager/5.3.6.1
version/ibm tivoli storage manager/5.3.6.6
version/ibm tivoli storage manager/5.4.2
version/ibm tivoli storage manager/5.3.2.4
version/ibm tivoli storage manager/5.3.4
version/ibm tivoli storage manager/5.5.0
version/ibm tivoli storage manager/5.5.2
version/ibm tivoli storage manager/5.3.6.2
version/ibm tivoli storage manager/5.3.1
version/ibm tivoli storage manager/5.3.6
version/ibm tivoli storage manager/5.3.3
version/ibm tivoli storage manager/5.3.0
version/ibm tivoli storage manager/5.5.1
version/ibm tivoli storage manager/5.4.1
version/ibm tivoli storage manager/5.4.0
version/ibm tivoli storage manager/5.3.2
version/ibm tivoli storage manager/6.1.0
version/ibm tivoli storage manager/5.3.6.4
version/ibm tivoli storage manager/5.3.5.1
version/ibm tivoli storage manager/5.3
version/ibm tivoli storage manager/5.2.5.3
version/ibm tivoli storage manager/5.3.6.5

CVE-2009-3853: Buffer Overflow

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3853?

How do I fix CVE-2009-3853?

Which versions of IBM Tivoli Storage Manager are affected by CVE-2009-3853?

What type of attack can exploit CVE-2009-3853?

Is there a workaround for CVE-2009-3853 if updates cannot be applied?

Company

Resources

Contact