CVE-2009-3853
IBM Tivoli Storage Manager - Memory Corruption
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16421
metasploit
WORKING POC
GOOD
by jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb
References (7)
Scores
EPSS: 0.7393
EPSS Percentile: 98.8%
Details
CWE: CWE-119
Status: published
Products (24)
ibm/tivoli_storage_manager 5.2.5.3
ibm/tivoli_storage_manager 5.3
ibm/tivoli_storage_manager 5.3.0
ibm/tivoli_storage_manager 5.3.1
ibm/tivoli_storage_manager 5.3.2
ibm/tivoli_storage_manager 5.3.2.4
ibm/tivoli_storage_manager 5.3.3 (2 CPE variants)
ibm/tivoli_storage_manager 5.3.4 (2 CPE variants)
ibm/tivoli_storage_manager 5.3.5
ibm/tivoli_storage_manager 5.3.5.1
... and 14 more
Published: Nov 04, 2009
Tracked Since: Feb 18, 2026