Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4604

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

Published

2010-12-29T18:00:03.777

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	tivoli_storage_manager	≤ 5.3.6.7	Yes
Application	ibm	tivoli_storage_manager	≤ 5.4.3.3	Yes
Application	ibm	tivoli_storage_manager	≤ 5.5.2.7	Yes
Application	ibm	tivoli_storage_manager	≤ 6.1.3	Yes
Operating System	linux	linux_kernel	-	No

References

http://secunia.com/advisories/42639 Broken Link, Vendor Advisory ([email protected])
http://securitytracker.com/id?1024901 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491 Broken Link ([email protected])
http://www.exploit-db.com/exploits/15745 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.ibm.com/support/docview.wss?uid=swg21454745 Broken Link, Vendor Advisory ([email protected])
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c Broken Link, Exploit ([email protected])
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt Broken Link ([email protected])
http://www.securityfocus.com/archive/1/515263/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/3251 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/42639 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024901 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15745 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=swg21454745 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c Broken Link, Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/515263/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3251 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)