Lucene search

[email protected]CVE-2010-3754

HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3754

2010-10-0522:00:06

CWE-78

[email protected]

web.nvd.nist.gov

cve-2010-3754

ibm tivoli storage manager

tsm fastback

remote code execution

arbitrary code execution

vulnerability

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

Affected configurations

NVD

Node

ibmtivoli_storage_manager_fastbackMatch5.5.0

ibmtivoli_storage_manager_fastbackMatch5.5.1

ibmtivoli_storage_manager_fastbackMatch5.5.2

ibmtivoli_storage_manager_fastbackMatch5.5.2.0

ibmtivoli_storage_manager_fastbackMatch5.5.3.0

ibmtivoli_storage_manager_fastbackMatch5.5.4.0

ibmtivoli_storage_manager_fastbackMatch5.5.5.0

ibmtivoli_storage_manager_fastbackMatch5.5.6.0

ibmtivoli_storage_manager_fastbackMatch6.1.0.0

ibmtivoli_storage_manager_fastbackMatch6.1.0.1

CPENameOperatorVersion
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.1
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.2
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.2.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.3.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.4.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.5.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq5.5.6.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq6.1.0.0
ibm:tivoli_storage_manager_fastbackibm tivoli storage manager fastbackeq6.1.0.1

CPE	Name	Operator	Version
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.1
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.2
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.2.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.3.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.4.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.5.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	5.5.6.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	6.1.0.0
ibm:tivoli_storage_manager_fastback	ibm tivoli storage manager fastback	eq	6.1.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IC69883

www.ibm.com/support/docview.wss?uid=swg21443820

www.securityfocus.com/archive/1/514058/100/0/threaded

zerodayinitiative.com/advisories/ZDI-10-182/

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2010-3754

cvelist5 nvd5 prion5 cve4