CVSS: 10.0 • EPSS: 27% • CPEs: 10 • EXPL: 0

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059.

• http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
• http://www.ibm.com/support/docview.wss?uid=swg21443820
• http://www.securityfocus.com/archive/1/514059/100/0/threaded
• http://www.securityfocus.com/archive/1/514067/100/0/threaded
• http://www.securityfocus.com/archive/1/514072/100/0/threaded
• http://www.securityfocus.com/archive/1/514078/100/0/threaded
• http://zerodayinitiative.com/advisories/ZDI-10-180
• http://zerodayinitiative.com/advisories/ZDI-10-181
• http://zerodayinitiativ
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 10 • EXPL: 0

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

• http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
• http://www.ibm.com/support/docview.wss?uid=swg21443820
• http://www.securityfocus.com/archive/1/514058/100/0/threaded
• http://zerodayinitiative.com/advisories/ZDI-10-182
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.0 • EPSS: 1% • CPEs: 10 • EXPL: 0

The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060.

• http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
• http://www.ibm.com/support/docview.wss?uid=swg21443820
• http://www.securityfocus.com/archive/1/514070/100/0/threaded
• http://zerodayinitiative.com/advisories/ZDI-10-186
• CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 1% • CPEs: 10 • EXPL: 0

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059.

• http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
• http://www.ibm.com/support/docview.wss?uid=swg21443820
• http://www.securityfocus.com/archive/1/514069/100/0/threaded
• http://zerodayinitiative.com/advisories/ZDI-10-185
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 10 • EXPL: 0

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058.

• http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
• http://www.ibm.com/support/docview.wss?uid=swg21443820
• http://www.securityfocus.com/archive/1/514068/100/0/threaded
• http://zerodayinitiative.com/advisories/ZDI-10-179
• CWE-94: Improper Control of Generation of Code ('Code Injection')