IBM Tivoli Storage Manager Express Backup Heap Corruption
Severity: : Critical
CVE Kennungen: : CVE-2008-4563
Advisory Date: 21 lipca 2015
DESCRIPTION
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003393
Trend Micro Deep Security DPI Rule Name: 1003393 - IBM Tivoli Storage Manager Express Backup Heap Corruption
AFFECTED SOFTWARE AND VERSION:
- ibm tivoli_storage_manager 5.2
- ibm tivoli_storage_manager 5.3
- ibm tivoli_storage_manager 5.3.0
- ibm tivoli_storage_manager 5.3.1
- ibm tivoli_storage_manager 5.3.2
- ibm tivoli_storage_manager 5.3.2.4
- ibm tivoli_storage_manager 5.3.3
- ibm tivoli_storage_manager 5.3.4
- ibm tivoli_storage_manager 5.3.5.1
- ibm tivoli_storage_manager 5.4.0
- ibm tivoli_storage_manager 5.4.1
- ibm tivoli_storage_manager 5.4.2
- ibm tivoli_storage_manager 5.4.2.2
- ibm tivoli_storage_manager 5.4.2.3
- ibm tivoli_storage_manager 5.4.2.4
- ibm tivoli_storage_manager 5.4.4.0
- ibm tivoli_storage_manager_express 5.3
- ibm tivoli_storage_manager_express 5.3.3.0
- ibm tivoli_storage_manager_express 5.3.6.4
- ibm tivoli_storage_manager_express 5.3.7.3