CVE-2009-3853: Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Tivoli Storage Manager

Severity: 9.3 CRITICAL (NVD)
EPSS: 73.9% (top 1.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline: Published Nov 4; Latest update May 2

Description

Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C (Exploitability: 8.6 | Impact: 10.0)

Affected Packages (1 package)

NVD: ibm/tivoli_storage_manager (24 versions, +23)

Patches

Vulnerability Details (2)

GHSA: GHSA-6cvx-9vc4-r924: Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5 (2022-05-02)
CVEList: CVE-2009-3853: Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5 (2009-11-04)

Exploits & PoCs (1)

Exploit-DB: IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (1) (2010-05-09)
CVE-2009-3853 — IBM vulnerability | cvebase