cvelistv5 - cve-2008-4563

CVE-2008-4563 (GCVE-0-2008-4563)

Vulnerability from cvelistv5 – Published: 2009-03-11 14:00 – Updated: 2024-08-07 10:24

Summary

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/34077	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1021837	vdb-entryx_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/0669	vdb-entryx_refsource_VUPEN
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://secunia.com/advisories/34245	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/52617	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:24:19.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34077",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34077"
          },
          {
            "name": "1021837",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
          },
          {
            "name": "ADV-2009-0669",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0669"
          },
          {
            "name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
          },
          {
            "name": "34245",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34245"
          },
          {
            "name": "52617",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52617"
          },
          {
            "name": "tivoli-tsm-adsmdll-bo(49188)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
          },
          {
            "name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34077",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34077"
        },
        {
          "name": "1021837",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
        },
        {
          "name": "ADV-2009-0669",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0669"
        },
        {
          "name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
        },
        {
          "name": "34245",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34245"
        },
        {
          "name": "52617",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52617"
        },
        {
          "name": "tivoli-tsm-adsmdll-bo(49188)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
        },
        {
          "name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34077",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34077"
            },
            {
              "name": "1021837",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021837"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
            },
            {
              "name": "ADV-2009-0669",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0669"
            },
            {
              "name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
            },
            {
              "name": "34245",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34245"
            },
            {
              "name": "52617",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52617"
            },
            {
              "name": "tivoli-tsm-adsmdll-bo(49188)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
            },
            {
              "name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4563",
    "datePublished": "2009-03-11T14:00:00",
    "dateReserved": "2008-10-14T00:00:00",
    "dateUpdated": "2024-08-07T10:24:19.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA28A2C9-21A0-48E2-88DD-C2336D990523\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A263333E-DB86-41BE-A508-731079429E62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25121FC4-9EE2-44AE-BEB3-02C3AB38DB61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93FCB242-C35B-4CDB-AE62-3CA5D312586B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70016926-5776-4A04-8D55-5CA12D1DA9B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"930B5AE2-CA47-47D7-96DE-F2B9F70337C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FAA5227-C1F5-48C1-A207-096F228E305E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11E968D1-8198-4686-BFDD-8499CB435B56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40A8E0C4-8509-4372-99C7-CFBA2100AEBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4C19266-CDED-4DC0-8B50-560BA3B5DAC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5E6A344-E062-4179-9CFA-CF912B4AED16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A140293-8F4A-4AB4-9EE8-36D0EB398C66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AABAD076-C9D6-481E-B9DC-CEB95C224979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77114204-172B-4E6A-AFFE-E6123458F0C3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento del b\\u00fafer en la regi\\u00f3n heap de la memoria en la biblioteca adsmdll.dll versi\\u00f3n 5.3.7.7296, como es usada por el demonio (dsmsvc.exe) en el servidor de respaldo en Tivoli Storage Manager (TSM) Express de IBM versi\\u00f3n 5.3.7.3 y anteriores y TSM versi\\u00f3n 5.2, versiones 5.3 anteriores a 5.3.6.0 , y versiones 5.4.0.0 hasta 5.4.4.0, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de un valor de longitud dise\\u00f1ado.\"}]",
      "id": "CVE-2008-4563",
      "lastModified": "2024-11-21T00:51:59.243",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-03-11T14:19:15.187",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/52617\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34245\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21377388\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34077\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0669\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49188\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/52617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21377388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4563\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-11T14:19:15.187\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca adsmdll.dll versi\u00f3n 5.3.7.7296, como es usada por el demonio (dsmsvc.exe) en el servidor de respaldo en Tivoli Storage Manager (TSM) Express de IBM versi\u00f3n 5.3.7.3 y anteriores y TSM versi\u00f3n 5.2, versiones 5.3 anteriores a 5.3.6.0 , y versiones 5.4.0.0 hasta 5.4.4.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor de longitud dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA28A2C9-21A0-48E2-88DD-C2336D990523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A263333E-DB86-41BE-A508-731079429E62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25121FC4-9EE2-44AE-BEB3-02C3AB38DB61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93FCB242-C35B-4CDB-AE62-3CA5D312586B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70016926-5776-4A04-8D55-5CA12D1DA9B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"930B5AE2-CA47-47D7-96DE-F2B9F70337C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FAA5227-C1F5-48C1-A207-096F228E305E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E968D1-8198-4686-BFDD-8499CB435B56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40A8E0C4-8509-4372-99C7-CFBA2100AEBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C19266-CDED-4DC0-8B50-560BA3B5DAC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5E6A344-E062-4179-9CFA-CF912B4AED16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A140293-8F4A-4AB4-9EE8-36D0EB398C66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AABAD076-C9D6-481E-B9DC-CEB95C224979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77114204-172B-4E6A-AFFE-E6123458F0C3\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/52617\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34245\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021837\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21377388\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34077\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0669\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49188\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/52617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21377388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-4563

Vulnerability from fkie_nvd - Published: 2009-03-11 14:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
cve@mitre.org	http://osvdb.org/52617
cve@mitre.org	http://secunia.com/advisories/34245	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021837
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg21377388	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/34077
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0669	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49188
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/52617
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34245	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021837
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21377388	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34077
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0669	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49188

Impacted products

Vendor	Product	Version
microsoft	windows	*
ibm	tivoli_storage_manager	5.2
ibm	tivoli_storage_manager	5.3
ibm	tivoli_storage_manager	5.3.0
ibm	tivoli_storage_manager	5.3.1
ibm	tivoli_storage_manager	5.3.2
ibm	tivoli_storage_manager	5.3.2.4
ibm	tivoli_storage_manager	5.3.3
ibm	tivoli_storage_manager	5.3.4
ibm	tivoli_storage_manager	5.3.5.1
ibm	tivoli_storage_manager	5.4.0
ibm	tivoli_storage_manager	5.4.1
ibm	tivoli_storage_manager	5.4.2
ibm	tivoli_storage_manager	5.4.2.2
ibm	tivoli_storage_manager	5.4.2.3
ibm	tivoli_storage_manager	5.4.2.4
ibm	tivoli_storage_manager	5.4.4.0
ibm	tivoli_storage_manager_express	5.3
ibm	tivoli_storage_manager_express	5.3.3.0
ibm	tivoli_storage_manager_express	5.3.6.4
ibm	tivoli_storage_manager_express	5.3.7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E6A344-E062-4179-9CFA-CF912B4AED16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A140293-8F4A-4AB4-9EE8-36D0EB398C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AABAD076-C9D6-481E-B9DC-CEB95C224979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77114204-172B-4E6A-AFFE-E6123458F0C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca adsmdll.dll versi\u00f3n 5.3.7.7296, como es usada por el demonio (dsmsvc.exe) en el servidor de respaldo en Tivoli Storage Manager (TSM) Express de IBM versi\u00f3n 5.3.7.3 y anteriores y TSM versi\u00f3n 5.2, versiones 5.3 anteriores a 5.3.6.0 , y versiones 5.4.0.0 hasta 5.4.4.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor de longitud dise\u00f1ado."
    }
  ],
  "id": "CVE-2008-4563",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-11T14:19:15.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52617"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34245"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021837"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34077"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0669"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PXFC-8F3M-GMG5

Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2022-05-02 00:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-11T14:19:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.",
  "id": "GHSA-pxfc-8f3m-gmg5",
  "modified": "2022-05-02T00:11:21Z",
  "published": "2022-05-02T00:11:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4563"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/52617"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34245"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021837"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34077"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités ont été découvertes dans différentes versions d'IBM Tivoli Storage Manager. L'exploitation de ces vulnérabilités permet de réaliser un déni de service ou l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans différentes versions d'IBM Tivoli Storage Manager.

Les deux vulnérabilités consistent en des dépassements de mémoire dans des modules non spécifiés, et permettent à un utilisateur malintentionné de réaliser un déni de service ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Tivoli	IBM TSM version 5.5.1.4 et versions antérieures.
	IBM	Tivoli	IBM TSM version 5.4.4.0 et versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM numéro 1377388 du 10 mars 2009	None	vendor-advisory
Bulletin de sécurité IBM numéro 1329223 du 06 mars 2009	None	vendor-advisory
Bulletin de sécurité IBM swg21329223 du 06 mars 2009 :	-	other
Bulletin de sécurité IBM swg21377388 du 10 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM TSM version 5.5.1.4 et versions ant\u00e9rieures.",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM TSM version 5.4.4.0 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans diff\u00e9rentes versions d\u0027IBM\nTivoli Storage Manager.\n\nLes deux vuln\u00e9rabilit\u00e9s consistent en des d\u00e9passements de m\u00e9moire dans\ndes modules non sp\u00e9cifi\u00e9s, et permettent \u00e0 un utilisateur malintentionn\u00e9\nde r\u00e9aliser un d\u00e9ni de service ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4563"
    },
    {
      "name": "CVE-2009-0869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0869"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21329223 du 06 mars 2009 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21329223"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21377388 du 10 mars 2009 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21377388"
    }
  ],
  "reference": "CERTA-2009-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans diff\u00e9rentes versions d\u0027IBM\nTivoli Storage Manager. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de\nr\u00e9aliser un d\u00e9ni de service ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Tivoli Storage Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM num\u00e9ro 1377388 du 10 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM num\u00e9ro 1329223 du 06 mars 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

Description

Deux vulnérabilités ont été découvertes dans différentes versions d'IBM Tivoli Storage Manager.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Tivoli	IBM TSM version 5.5.1.4 et versions antérieures.
	IBM	Tivoli	IBM TSM version 5.4.4.0 et versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM numéro 1377388 du 10 mars 2009	None	vendor-advisory
Bulletin de sécurité IBM numéro 1329223 du 06 mars 2009	None	vendor-advisory
Bulletin de sécurité IBM swg21329223 du 06 mars 2009 :	-	other
Bulletin de sécurité IBM swg21377388 du 10 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM TSM version 5.5.1.4 et versions ant\u00e9rieures.",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM TSM version 5.4.4.0 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans diff\u00e9rentes versions d\u0027IBM\nTivoli Storage Manager.\n\nLes deux vuln\u00e9rabilit\u00e9s consistent en des d\u00e9passements de m\u00e9moire dans\ndes modules non sp\u00e9cifi\u00e9s, et permettent \u00e0 un utilisateur malintentionn\u00e9\nde r\u00e9aliser un d\u00e9ni de service ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4563"
    },
    {
      "name": "CVE-2009-0869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0869"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21329223 du 06 mars 2009 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21329223"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21377388 du 10 mars 2009 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21377388"
    }
  ],
  "reference": "CERTA-2009-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans diff\u00e9rentes versions d\u0027IBM\nTivoli Storage Manager. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de\nr\u00e9aliser un d\u00e9ni de service ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Tivoli Storage Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM num\u00e9ro 1377388 du 10 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM num\u00e9ro 1329223 du 06 mars 2009",
      "url": null
    }
  ]
}

GSD-2008-4563

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-4563

Aliases

CVE-2008-4563

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4563",
    "description": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.",
    "id": "GSD-2008-4563"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4563"
      ],
      "details": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.",
      "id": "GSD-2008-4563",
      "modified": "2023-12-13T01:23:00.156271Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4563",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "34077",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34077"
          },
          {
            "name": "1021837",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021837"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
          },
          {
            "name": "ADV-2009-0669",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0669"
          },
          {
            "name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
          },
          {
            "name": "34245",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34245"
          },
          {
            "name": "52617",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/52617"
          },
          {
            "name": "tivoli-tsm-adsmdll-bo(49188)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
          },
          {
            "name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4563"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
            },
            {
              "name": "34245",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34245"
            },
            {
              "name": "34077",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34077"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
            },
            {
              "name": "ADV-2009-0669",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0669"
            },
            {
              "name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
            },
            {
              "name": "1021837",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021837"
            },
            {
              "name": "52617",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/52617"
            },
            {
              "name": "tivoli-tsm-adsmdll-bo(49188)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2009-03-11T14:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4563 (GCVE-0-2008-4563)

FKIE_CVE-2008-4563

GHSA-PXFC-8F3M-GMG5

CERTA-2009-AVI-103

Description

Solution

CERTA-2009-AVI-103

Description

Solution

GSD-2008-4563

Tags

Sightings

Nomenclature