CVE-2010-3758

05.10.2010, 22:00

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059.

Code Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
ibm	tivoli_storage_manager_fastback	5.5.0
ibm	tivoli_storage_manager_fastback	5.5.1
ibm	tivoli_storage_manager_fastback	5.5.2
ibm	tivoli_storage_manager_fastback	5.5.2.0
ibm	tivoli_storage_manager_fastback	5.5.3.0
ibm	tivoli_storage_manager_fastback	5.5.4.0
ibm	tivoli_storage_manager_fastback	5.5.5.0
ibm	tivoli_storage_manager_fastback	5.5.6.0
ibm	tivoli_storage_manager_fastback	6.1.0.0
ibm	tivoli_storage_manager_fastback	6.1.0.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883

http://www.ibm.com/support/docview.wss?uid=swg21443820

http://www.securityfocus.com/archive/1/514059/100/0/threaded

http://www.securityfocus.com/archive/1/514067/100/0/threaded

http://www.securityfocus.com/archive/1/514072/100/0/threaded

http://www.securityfocus.com/archive/1/514078/100/0/threaded

http://zerodayinitiative.com/advisories/ZDI-10-180/

http://zerodayinitiative.com/advisories/ZDI-10-181/

http://zerodayinitiative.com/advisories/ZDI-10-183/

http://zerodayinitiative.com/advisories/ZDI-10-184/

http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883

http://www.ibm.com/support/docview.wss?uid=swg21443820

http://www.securityfocus.com/archive/1/514059/100/0/threaded

http://www.securityfocus.com/archive/1/514067/100/0/threaded

http://www.securityfocus.com/archive/1/514072/100/0/threaded

http://www.securityfocus.com/archive/1/514078/100/0/threaded

http://zerodayinitiative.com/advisories/ZDI-10-180/

http://zerodayinitiative.com/advisories/ZDI-10-181/

http://zerodayinitiative.com/advisories/ZDI-10-183/

http://zerodayinitiative.com/advisories/ZDI-10-184/