CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.5%
Added: 11/20/2009
CVE: CVE-2009-3853
OSVDB: 59632
IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon (CAD) on port 1582/TCP.
The vulnerability is caused by an input validation error in the CAD service. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet containing a long client computer name via TCP.
Upgrade to the latest version.
<http://secunia.com/secunia_research/2008-51/>
Exploit works on IBM Tivoli Storage Manager Express Client 5.3.6.6.
The affected Tivoli Storage Manager Express Client must be successfully configured and connected to a Tivoli Storage Manager Server. Note that it may take one or two minutes for the client to connect to the server.
Windows