CVE-2009-3853

EUVD-2009-3824
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.2.5.3
ibmtivoli_storage_manager
5.3
ibmtivoli_storage_manager
5.3.0
ibmtivoli_storage_manager
5.3.1
ibmtivoli_storage_manager
5.3.2
ibmtivoli_storage_manager
5.3.2.4
ibmtivoli_storage_manager
5.3.3
ibmtivoli_storage_manager
5.3.3
ibmtivoli_storage_manager
5.3.4
ibmtivoli_storage_manager
5.3.4
ibmtivoli_storage_manager
5.3.5
ibmtivoli_storage_manager
5.3.5.1
ibmtivoli_storage_manager
5.3.6
ibmtivoli_storage_manager
5.3.6.1
ibmtivoli_storage_manager
5.3.6.2
ibmtivoli_storage_manager
5.3.6.3
ibmtivoli_storage_manager
5.3.6.4
ibmtivoli_storage_manager
5.3.6.5
ibmtivoli_storage_manager
5.3.6.6
ibmtivoli_storage_manager
5.3.6.6
ibmtivoli_storage_manager
5.4.0
ibmtivoli_storage_manager
5.4.1
ibmtivoli_storage_manager
5.4.2
ibmtivoli_storage_manager
5.5.0
ibmtivoli_storage_manager
5.5.1
ibmtivoli_storage_manager
5.5.2
ibmtivoli_storage_manager
6.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32534
http://secunia.com/secunia_research/2008-51/
http://securitytracker.com/id?1023136
http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036
http://www-01.ibm.com/support/docview.wss?uid=swg21405562
http://www.securityfocus.com/archive/1/507654/100/0/threaded
http://www.vupen.com/english/advisories/2009/3132
http://secunia.com/advisories/32534
http://secunia.com/secunia_research/2008-51/
http://securitytracker.com/id?1023136
http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036
http://www-01.ibm.com/support/docview.wss?uid=swg21405562
http://www.securityfocus.com/archive/1/507654/100/0/threaded
http://www.vupen.com/english/advisories/2009/3132