Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-4828.
PoCs published by Metasploit, jduck, including Metasploit module exploits/windows/misc/ibm_tsm_rca_dicugetidentify.
AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in IBM Tivoli Storage Manager Express RCA Service via a crafted 'dicuGetIdentify' request with an overly long NodeName parameter. It first interacts with the CAD service to start the RCA service and retrieve its port before triggering the vulnerability.
Description
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.
Exploits (2)
This Metasploit module exploits a stack buffer overflow in IBM Tivoli Storage Manager Express RCA Service via a crafted 'dicuGetIdentify' request with an overly long NodeName parameter. It first interacts with the CAD service to start the RCA service and retrieve its port before triggering the vulnerability.
This Metasploit module exploits a stack buffer overflow in IBM Tivoli Storage Manager Express RCA Service by sending a crafted 'dicuGetIdentify' request with an overly long NodeName parameter. It first interacts with the CAD service to start the RCA service and obtain its port, then triggers the vulnerability to achieve remote code execution.