CVE-2010-3754

IBM Tivoli Storage Manager FastBack 5.5.0.0-5.5.6.0 & 6.1.0.0-6.1.0.1 - Remote Code Execution

Description

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-10-182/
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21443820
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514058/100/0/threaded

Scores

EPSS 0.0500
EPSS Percentile 91.2%

Details

CWE
CWE-78
Status published
Products (10)
ibm/tivoli_storage_manager_fastback 5.5.0
ibm/tivoli_storage_manager_fastback 5.5.1
ibm/tivoli_storage_manager_fastback 5.5.2
ibm/tivoli_storage_manager_fastback 5.5.2.0
ibm/tivoli_storage_manager_fastback 5.5.3.0
ibm/tivoli_storage_manager_fastback 5.5.4.0
ibm/tivoli_storage_manager_fastback 5.5.5.0
ibm/tivoli_storage_manager_fastback 5.5.6.0
ibm/tivoli_storage_manager_fastback 6.1.0.0
ibm/tivoli_storage_manager_fastback 6.1.0.1
Published Oct 05, 2010
Tracked Since Feb 18, 2026