CVE-2010-3757

IBM Tivoli Storage Manager FastBack 5.5.0.0-5.5.6.0 & 6.1.0.0-6.1.0.1 - Remote Code Execution via Format String

Title source: llm
STIX 2.1

Description

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-10-185/
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21443820
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514069/100/0/threaded

Scores

EPSS 0.0414
EPSS Percentile 89.6%

Details

CWE
CWE-78
Status published
Products (10)
ibm/tivoli_storage_manager_fastback 5.5.0
ibm/tivoli_storage_manager_fastback 5.5.1
ibm/tivoli_storage_manager_fastback 5.5.2
ibm/tivoli_storage_manager_fastback 5.5.2.0
ibm/tivoli_storage_manager_fastback 5.5.3.0
ibm/tivoli_storage_manager_fastback 5.5.4.0
ibm/tivoli_storage_manager_fastback 5.5.5.0
ibm/tivoli_storage_manager_fastback 5.5.6.0
ibm/tivoli_storage_manager_fastback 6.1.0.0
ibm/tivoli_storage_manager_fastback 6.1.0.1
Published Oct 05, 2010
Tracked Since Feb 18, 2026