Vulnerability Details : CVE-2010-4604
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2010-4604
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4604
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2010-4604
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4604
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
IBM notice: The page you requested cannot be displayedBroken Link
-
http://www.vupen.com/english/advisories/2010/3251
Webmail | OVH- OVHBroken Link;Vendor Advisory
-
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
404 Page not found - Kryptos LogicBroken Link
-
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
404 Page not found - Kryptos LogicBroken Link;Exploit
-
http://www.exploit-db.com/exploits/15745
IBM Tivoli Storage Manager (TSM) - Local Privilege Escalation - Linux local ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/515263/100/0/threaded
SecurityFocusBroken Link;Third Party Advisory;VDB Entry
-
http://www.ibm.com/support/docview.wss?uid=swg21454745
IBM notice: The page you requested cannot be displayedBroken Link;Vendor Advisory
-
http://securitytracker.com/id?1024901
IBM Tivoli Storage Manager Lets Local Users Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
Products affected by CVE-2010-4604
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*