CVE-2010-4604
IBM Tivoli Storage Manager < 5.3.6.7 - Out-of-Bounds Write
Title source: ruleDescription
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Kryptos Logic · textlocallinux
https://www.exploit-db.com/exploits/15745
References (9)
Core 9
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024901
Broken Link vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3251
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15745
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42639
Broken Link x_refsource_misc
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515263/100/0/threaded
Broken Link, Exploit x_refsource_misc
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
Broken Link, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21454745
Scores
EPSS
0.0031
EPSS Percentile
53.7%
Details
CWE
CWE-787
Status
published
Products (1)
ibm/tivoli_storage_manager
5.3.0 - 5.3.6.7
Published
Dec 29, 2010
Tracked Since
Feb 18, 2026