CVE-2010-3754

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.
Configurations

Configuration 1

OR
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type | Values Removed | Values Added
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883 - Vendor Advisory | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883 - Vendor Advisory
References | () http://www.ibm.com/support/docview.wss?uid=swg21443820 - Vendor Advisory | () http://www.ibm.com/support/docview.wss?uid=swg21443820 - Vendor Advisory
References | () http://www.securityfocus.com/archive/1/514058/100/0/threaded - | () http://www.securityfocus.com/archive/1/514058/100/0/threaded -
References | () http://zerodayinitiative.com/advisories/ZDI-10-182/ - | () http://zerodayinitiative.com/advisories/ZDI-10-182/ -

Information

Published : 2010-10-05 22:00

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3754

Mitre link : CVE-2010-3754

CVE.ORG link : CVE-2010-3754



Products Affected

ibm

  • tivoli_storage_manager_fastback
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')