Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Link | Tags |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21322623 | patch, vendor advisory |
http://secunia.com/advisories/32465 | third party advisory |
http://www-1.ibm.com/support/docview.wss?uid=swg1IC56773 | vendor advisory |
http://www.securityfocus.com/archive/1/497950/100/0/threaded | mailing list, third party advisory, vdb entry |
http://www.securitytracker.com/id?1021122 | third party advisory, vdb entry |
http://www.vupen.com/english/advisories/2008/2969 | third party advisory, vdb entry |
http://www.securityfocus.com/bid/31988 | patch, third party advisory, vdb entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46208 | third party advisory, vdb entry |
http://www.zerodayinitiative.com/advisories/ZDI-08-071/ | patch, third party advisory, vdb entry |