CVE-2010-4604

EUVD-2010-4570
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.3.0 ≤
𝑥
≤ 5.3.6.7
ibmtivoli_storage_manager
5.4.0 ≤
𝑥
≤ 5.4.3.3
ibmtivoli_storage_manager
5.5.0 ≤
𝑥
≤ 5.5.2.7
ibmtivoli_storage_manager
6.1.0 ≤
𝑥
≤ 6.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/42639
http://securitytracker.com/id?1024901
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
http://www.exploit-db.com/exploits/15745
http://www.ibm.com/support/docview.wss?uid=swg21454745
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
http://www.securityfocus.com/archive/1/515263/100/0/threaded
http://www.vupen.com/english/advisories/2010/3251
http://secunia.com/advisories/42639
http://securitytracker.com/id?1024901
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
http://www.exploit-db.com/exploits/15745
http://www.ibm.com/support/docview.wss?uid=swg21454745
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
http://www.securityfocus.com/archive/1/515263/100/0/threaded
http://www.vupen.com/english/advisories/2010/3251