APP: IBM Tivoli Storage Manager Remote Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Tivoli Storage Manager Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Tivoli Client.

Extended Description

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Affected Products

Ibm tivoli_storage_manager_express

References

CVE: CVE-2008-4801

Short Name
APP:IBM:TIVOLI-STORAGE-HOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2008-4801 Heap IBM Manager Overflow Remote Storage Tivoli
Release Date
09/26/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
Port
TCP/1025-1200,1500-1502
False Positive
Unknown
Vendors

Ibm

CVSS Score

10.0

Found a potential security threat?