[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255861

 
 

909

 
 

199025

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5855Date: (C)2006-12-06   (M)2023-12-22


Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017333
SREASON-1979
http://www.securityfocus.com/archive/1/archive/1/453544/100/0/threaded
BID-21440
SECUNIA-23177
ADV-2006-4856
IC50347
VU#350625
VU#478753
VU#887249
http://www-1.ibm.com/support/docview.wss?uid=swg21250261
http://www.tippingpoint.com/security/advisories/TSRT-06-14.html
tivoli-login-language-bo(30699)
tivoli-registration-message-bo(30702)
tivoli-smexecutewdsfsession-bo(30701)

CPE    6
cpe:/a:ibm:tivoli_storage_manager:5.2.7
cpe:/a:ibm:tivoli_storage_manager:5.2.8
cpe:/a:ibm:tivoli_storage_manager:5.3.2
cpe:/a:ibm:tivoli_storage_manager:5.3.1
...

© SecPod Technologies