CVE-2010-4604

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

Published: Dec 29, 2010
Updated: May 9, 2024
CVE: CVE-2010-4604
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119
CWE-787

Affected Software
References

Software	From	Fixed in
ibm / tivoli_storage_manager	5.3.0	5.3.6.7.x
ibm / tivoli_storage_manager	5.4.0	5.4.3.3.x
ibm / tivoli_storage_manager	5.5.0	5.5.2.7.x
ibm / tivoli_storage_manager	6.1.0	6.1.3.x

http://secunia.com/advisories/42639
http://securitytracker.com/id?1024901
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
http://www.exploit-db.com/exploits/15745
http://www.ibm.com/support/docview.wss?uid=swg21454745
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
http://www.securityfocus.com/archive/1/515263/100/0/threaded
http://www.vupen.com/english/advisories/2010/3251

Vulnerability Database

CVE-2010-4604