Lucene search

K
cve[email protected]CVE-2010-3758
HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3758

2010-10-0522:00:06
CWE-94
web.nvd.nist.gov
22
cve-2010-3758
fastbackserver.exe
ibm tivoli storage manager
tsm
buffer overflow
remote code execution
agi_sendtolog
user_s_addadgroup
fxcli_checkindexdblocation
activateltscriptreply

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.277 Low

EPSS

Percentile

96.8%

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059.

Affected configurations

NVD
Node
ibmtivoli_storage_manager_fastbackMatch5.5.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.1
OR
ibmtivoli_storage_manager_fastbackMatch5.5.2
OR
ibmtivoli_storage_manager_fastbackMatch5.5.2.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.3.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.4.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.5.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.6.0
OR
ibmtivoli_storage_manager_fastbackMatch6.1.0.0
OR
ibmtivoli_storage_manager_fastbackMatch6.1.0.1

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.277 Low

EPSS

Percentile

96.8%

Related for CVE-2010-3758