Lucene search

[email protected]CVE-2006-5855

HistoryDec 06, 2006 - 7:28 p.m.

CVE-2006-5855

2006-12-0619:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

tivoli storage manager

tsm

buffer overflow

cve-2006-5855

nvd

security vulnerability

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.5%

JSON

Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managereq5.2.8
ibm:tivoli_storage_manageribm tivoli storage managereq5.3.1
ibm:tivoli_storage_manageribm tivoli storage managereq5.3.3
ibm:tivoli_storage_manageribm tivoli storage managereq5.3.0
ibm:tivoli_storage_manageribm tivoli storage managereq5.3.2
ibm:tivoli_storage_manageribm tivoli storage managereq5.2.7

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.2.8
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.3.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.3.3
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.3.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.3.2
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.2.7

References

secunia.com/advisories/23177

securityreason.com/securityalert/1979

securitytracker.com/id?1017333

www-1.ibm.com/support/docview.wss?uid=swg1IC50347

www-1.ibm.com/support/docview.wss?uid=swg21250261

www.kb.cert.org/vuls/id/350625

www.kb.cert.org/vuls/id/478753

www.kb.cert.org/vuls/id/887249

www.securityfocus.com/archive/1/453544/100/0/threaded

www.securityfocus.com/bid/21440

www.tippingpoint.com/security/advisories/TSRT-06-14.html

www.vupen.com/english/advisories/2006/4856

exchange.xforce.ibmcloud.com/vulnerabilities/30699

exchange.xforce.ibmcloud.com/vulnerabilities/30701

exchange.xforce.ibmcloud.com/vulnerabilities/30702

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2006-5855

checkpoint_advisories1 cert3 nessus1 d21 securityvulns1 cve1