CVE-2009-3853 - Vulnerability Details

Vendors	Products
Ibm	Tivoli Storage Manager

Link	Providers
http://secunia.com/advisories/32534
http://secunia.com/secunia_research/2008-51/
http://securitytracker.com/id?1023136
http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036
http://www-01.ibm.com/support/docview.wss?uid=swg21405562
http://www.securityfocus.com/archive/1/507654/100/0/threaded
http://www.vupen.com/english/advisories/2009/3132

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1023136", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023136"}, {"name": "ADV-2009-3132", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3132"}, {"name": "IC61036", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"}, {"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2008-51/"}, {"name": "32534", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32534"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3853", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1023136", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023136"}, {"name": "ADV-2009-3132", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3132"}, {"name": "IC61036", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"}, {"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"}, {"name": "http://secunia.com/secunia_research/2008-51/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-51/"}, {"name": "32534", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32534"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:49.522Z"}, "title": "CVE Program Container", "references": [{"name": "1023136", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023136"}, {"name": "ADV-2009-3132", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3132"}, {"name": "IC61036", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"}, {"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2008-51/"}, {"name": "32534", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32534"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3853", "datePublished": "2009-11-04T15:00:00", "dateReserved": "2009-11-04T00:00:00", "dateUpdated": "2024-08-07T06:45:49.522Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2009-11-03T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-10T18:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 1023136 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://securitytracker.com/id?1023136 (string)

}

1 : { »

name : ADV-2009-3132 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2009/3132 (string)

}

2 : { »

name : IC61036 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 (string)

}

3 : { »

name : 20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/507654/100/0/threaded (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://secunia.com/secunia_research/2008-51/ (string)

}

6 : { »

name : 32534 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/32534 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2009-3853 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1023136 (string)

refsource : SECTRACK (string)

url : http://securitytracker.com/id?1023136 (string)

}

1 : { »

name : ADV-2009-3132 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2009/3132 (string)

}

2 : { »

name : IC61036 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 (string)

}

3 : { »

name : 20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/507654/100/0/threaded (string)

}

4 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

}

5 : { »

name : http://secunia.com/secunia_research/2008-51/ (string)

refsource : MISC (string)

url : http://secunia.com/secunia_research/2008-51/ (string)

}

6 : { »

name : 32534 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/32534 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T06:45:49.522Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1023136 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://securitytracker.com/id?1023136 (string)

}

1 : { »

name : ADV-2009-3132 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2009/3132 (string)

}

2 : { »

name : IC61036 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 (string)

}

3 : { »

name : 20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/507654/100/0/threaded (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://secunia.com/secunia_research/2008-51/ (string)

}

6 : { »

name : 32534 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/32534 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2009-3853 (string)

datePublished : 2009-11-04T15:00:00 (string)

dateReserved : 2009-11-04T00:00:00 (string)

dateUpdated : 2024-08-07T06:45:49.522Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:express:*:*:*:*:*", "matchCriteriaId": "594F4C0E-BAF1-4B28-A21C-8608E1365592", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:express:*:*:*:*:*", "matchCriteriaId": "F1898001-E7E8-4B77-96DD-3B4FE70CF4CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5:*:express:*:*:*:*:*", "matchCriteriaId": "2EA1B92E-A7C9-4AEA-A180-2DC766DC5A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6:*:express:*:*:*:*:*", "matchCriteriaId": "91D9B30D-F3CF-4E43-BF8E-A16CA3138AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:express:*:*:*:*:*", "matchCriteriaId": "E6252B18-7599-4401-AFDC-28C241D8DFC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el planificador del demonio de aceptaci\u00f3n de cliente (CAD) en el cliente en Tivoli Storage Manager (TSM) versiones 5.3 anteriores a 5.3.6.7, versiones 5.4 anteriores a 5.4.3, versiones 5.5 anteriores a 5.5.2.2, y versiones 6.1 anteriores a 6.1.0.2, y TSM Express versiones 5.3.3.0 hasta 5.3.6.6, de IBM, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de datos especialmente dise\u00f1ados en un paquete TCP."}], "id": "CVE-2009-3853", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-04T15:30:00.670", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32534"}, {"source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2008-51/"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023136"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2008-51/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3132"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B2585495-DB97-429F-87AC-4C4E92DE305D (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A263333E-DB86-41BE-A508-731079429E62 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 25121FC4-9EE2-44AE-BEB3-02C3AB38DB61 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 93FCB242-C35B-4CDB-AE62-3CA5D312586B (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 70016926-5776-4A04-8D55-5CA12D1DA9B4 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:express:*:*:*:*:* (string)

matchCriteriaId : 594F4C0E-BAF1-4B28-A21C-8608E1365592 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 930B5AE2-CA47-47D7-96DE-F2B9F70337C8 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:express:*:*:*:*:* (string)

matchCriteriaId : F1898001-E7E8-4B77-96DD-3B4FE70CF4CF (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5:*:express:*:*:*:*:* (string)

matchCriteriaId : 2EA1B92E-A7C9-4AEA-A180-2DC766DC5A09 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FAA5227-C1F5-48C1-A207-096F228E305E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6:*:express:*:*:*:*:* (string)

matchCriteriaId : 91D9B30D-F3CF-4E43-BF8E-A16CA3138AEC (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 74B38E6A-86AA-4C35-AF3F-7F77DF647235 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 271A29AC-0890-495D-8DF7-2530CEAF6C2D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 43BE5332-C982-440A-A7AA-03B83415B444 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 74E095D6-D6C9-4E21-9CBA-508D043C4286 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:* (string)

matchCriteriaId : EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 22F74B9A-D31E-43E3-8A29-BFD09A9442F4 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:express:*:*:*:*:* (string)

matchCriteriaId : E6252B18-7599-4401-AFDC-28C241D8DFC2 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 11E968D1-8198-4686-BFDD-8499CB435B56 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 40A8E0C4-8509-4372-99C7-CFBA2100AEBE (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B0ADAA69-B258-4666-9AB7-7965429EA497 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F4722BA-186A-4999-965E-ED5FA72D4BD0 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : D9FF105A-6B8E-4849-875F-FD87EC9291E3 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 76EC7D2D-4B0A-4CDF-A523-85ABEF05D211 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. (string)

}

1 : { »

lang : es (string)

value : Un desbordamiento de búfer en la región stack de la memoria en el planificador del demonio de aceptación de cliente (CAD) en el cliente en Tivoli Storage Manager (TSM) versiones 5.3 anteriores a 5.3.6.7, versiones 5.4 anteriores a 5.4.3, versiones 5.5 anteriores a 5.5.2.2, y versiones 6.1 anteriores a 6.1.0.2, y TSM Express versiones 5.3.3.0 hasta 5.3.6.6, de IBM, permite a los atacantes remotos ejecutar código arbitrario por medio de datos especialmente diseñados en un paquete TCP. (string)

}

]

id : CVE-2009-3853 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2009-11-04T15:30:00.670 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/32534 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://secunia.com/secunia_research/2008-51/ (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://securitytracker.com/id?1023136 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/507654/100/0/threaded (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2009/3132 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/32534 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/secunia_research/2008-51/ (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://securitytracker.com/id?1023136 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21405562 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/507654/100/0/threaded (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2009/3132 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object