CVE-2010-4604 - Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communicatio

CVE-2010-4604

Summary

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

References

Vulnerable Configurations

cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 13-12-2022 - 21:27)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

aixapar	IC65491
bugtraq	20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root
confirm	http://www.ibm.com/support/docview.wss?uid=swg21454745
exploit-db	15745
misc	http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
sectrack	1024901
secunia	42639
vupen	ADV-2010-3251

Last major update

13-12-2022 - 21:27

Published

29-12-2010 - 18:00

Last modified

13-12-2022 - 21:27