NVD Vulnerability Detail

CVE-2006-5855

Summary	Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
Publication Date	Dec. 7, 2006, 4:28 a.m.
Registration Date	Jan. 29, 2021, 3:49 p.m.
Last Update	Oct. 18, 2018, 6:45 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/23177	SECUNIA	Vendor Advisory
2	http://securityreason.com/securityalert/1979	SREASON
3	http://securitytracker.com/id?1017333	SECTRACK
4	http://www.kb.cert.org/vuls/id/350625	CERT-VN	US Government Resource
5	http://www.kb.cert.org/vuls/id/478753	CERT-VN	US Government Resource
6	http://www.kb.cert.org/vuls/id/887249	CERT-VN	US Government Resource
7	http://www.securityfocus.com/archive/1/453544/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/21440	BID	Patch Vendor Advisory
9	http://www.tippingpoint.com/security/advisories/TSRT-06-14.html	MISC	Vendor Advisory
10	http://www.vupen.com/english/advisories/2006/4856	VUPEN
11	http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347	AIXAPAR	Patch Vendor Advisory
12	http://www-1.ibm.com/support/docview.wss?uid=swg21250261	CONFIRM	Patch Vendor Advisory
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/30699	XF
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/30701	XF
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/30702	XF

Common Vulnerabilities List

JVN Vulnerability Information

IBM TSM におけるバッファオーバーフローの脆弱性

Title	IBM TSM におけるバッファオーバーフローの脆弱性
Summary	IBM Tivoli Storage Manager (TSM) には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、以下に含まれる過度に長い文字列を介して、サービス運用妨害 (クラッシュ) 状態にされる、および任意のコードを実行される可能性があります。 (1) 0x18 バイトで始まるログオンの language フィールド (2) SmExecuteWdsfSession 関数へのパラメータ (3) オープン登録メッセージ内の contact フィールド
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 6, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

Affected System

IBM

IBM Spectrum Protect (旧 Tivoli Storage Manager) 5.2.9 未満および 5.3.4 未満の 5.3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5855	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5855
National Vulnerability Database (NVD)
2	CVE-2006-5855	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5855

ベンダー情報

No	Name	URL
IBM
1	Tivoli Storage Manager	http://www-947.ibm.com/support/entry/portal/overview//software/tivoli/tivoli_storage_manager

その他

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*