CVE-2020-4415
published 2020-04-23


Priority: P263 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 8.05% (94.1st percentile)
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.

Affected (6 ranges)

Vendor   Product            Version range            Fixed in
ibm      spectrum_protect   (no range listed; 4 entries)   (not listed)
ibm      spectrum_protect   7.1.0.0 – 7.1.10.0       (not listed)
ibm      spectrum_protect   8.1.0.0 – 8.1.9.200      (not listed)

Detection & IOCs (extracted from sources)

port: 1500
filename: adsmdll.dll
path: C:\PROGRA~1\Tivoli\TSM\Server\adsmdll.dll
process: dsmsvc.exe
command: python ibm_spectrum_protect_verb_134_stack_overflow_CVE-2020-4415.py -t -p 1500
  • Monitor for unauthenticated connections to TCP port 1500 sending verb 134 messages to IBM Spectrum Protect (dsmsvc.exe); large or malformed payloads targeting SmIsValidVerbEx indicate exploitation attempts.
  • Alert on crash or unexpected termination of dsmsvc.exe, particularly with stack buffer overrun exceptions (code c0000409 / Security check failure) in adsmdll!SmIsValidVerbEx.
  • Detect stack smashing patterns: look for return addresses or stack frames filled with 0x4141414141414141 (repeated 'A' bytes) in crash dumps or memory forensics of dsmsvc.exe.
  • The vulnerable code path is in adsmdll!SmIsValidVerbEx+0x164a8; flag any crash or AV at this offset as a high-confidence exploitation indicator.
  • The vulnerability is exploitable without authentication; no credentials are required to trigger the stack overflow via TCP port 1500.
  • The affected DLL version confirmed in research is 8.1.9.19354 (adsmdll.dll); detections should also cover IBM Spectrum Protect 7.1 and other 8.1.x builds per the NVD advisory.

CVSS provenance

nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C