CVE-2006-5855

critical

Description

Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30702

https://exchange.xforce.ibmcloud.com/vulnerabilities/30701

https://exchange.xforce.ibmcloud.com/vulnerabilities/30699

http://www.vupen.com/english/advisories/2006/4856

http://www.tippingpoint.com/security/advisories/TSRT-06-14.html

http://www.securityfocus.com/bid/21440

http://www.securityfocus.com/archive/1/453544/100/0/threaded

http://www.kb.cert.org/vuls/id/887249

http://www.kb.cert.org/vuls/id/478753

http://www.kb.cert.org/vuls/id/350625

http://www-1.ibm.com/support/docview.wss?uid=swg21250261

http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347

http://securitytracker.com/id?1017333

http://securityreason.com/securityalert/1979

http://secunia.com/advisories/23177

Details

Source: Mitre, NVD

Published: 2006-12-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical