CVE-2008-4563

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.2
ibmtivoli_storage_manager
5.3
ibmtivoli_storage_manager
5.3.0
ibmtivoli_storage_manager
5.3.1
ibmtivoli_storage_manager
5.3.2
ibmtivoli_storage_manager
5.3.2.4
ibmtivoli_storage_manager
5.3.3
ibmtivoli_storage_manager
5.3.4
ibmtivoli_storage_manager
5.3.5.1
ibmtivoli_storage_manager
5.4.0
ibmtivoli_storage_manager
5.4.1
ibmtivoli_storage_manager
5.4.2
ibmtivoli_storage_manager
5.4.2.2
ibmtivoli_storage_manager
5.4.2.3
ibmtivoli_storage_manager
5.4.2.4
ibmtivoli_storage_manager
5.4.4.0
ibmtivoli_storage_manager_express
5.3
ibmtivoli_storage_manager_express
5.3.3.0
ibmtivoli_storage_manager_express
5.3.6.4
ibmtivoli_storage_manager_express
5.3.7.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
http://osvdb.org/52617
http://secunia.com/advisories/34245
http://securitytracker.com/id?1021837
http://www-01.ibm.com/support/docview.wss?uid=swg21377388
http://www.securityfocus.com/bid/34077
http://www.vupen.com/english/advisories/2009/0669
https://exchange.xforce.ibmcloud.com/vulnerabilities/49188
http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
http://osvdb.org/52617
http://secunia.com/advisories/34245
http://securitytracker.com/id?1021837
http://www-01.ibm.com/support/docview.wss?uid=swg21377388
http://www.securityfocus.com/bid/34077
http://www.vupen.com/english/advisories/2009/0669
https://exchange.xforce.ibmcloud.com/vulnerabilities/49188