CVE-2010-3058

The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/41044	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
http://www-01.ibm.com/support/docview.wss?uid=swg21443820
http://www.securityfocus.com/bid/42549
http://secunia.com/advisories/41044	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883
http://www-01.ibm.com/support/docview.wss?uid=swg21443820
http://www.securityfocus.com/bid/42549

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:::::::*

History

No history.

Information

Published : 2010-08-20 18:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3058

Mitre link : CVE-2010-3058

CVE.ORG link : CVE-2010-3058

JSON object : View

Products Affected

ibm

tivoli_storage_manager_fastback

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2010-3058", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-20T18:00:02.623", "references": [{"url": "http://secunia.com/advisories/41044", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/42549", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/41044", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/42549", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors."}, {"lang": "es", "value": "El servicio Mount en IBM Tivoli Storage Manager (TSM) FastBack v5.x.x anterior a v5.5.7, y v6.1.0.0, establece un puerto UDP abierto, lo que podr\u00eda permitir a atacantes remotos sobreescribir direcciones de memoria y ejecutar c\u00f3digo de su elecci\u00f3n, o provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n), a trv\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A482E38-2B78-4064-8682-F7A571D1734C"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840361B9-B3F8-448B-BC7E-065BA4871E46"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8734E08A-716E-4E29-A440-5FB437F7EF46"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF1E98E-B3F5-4348-8D45-B9A8CC916F47"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA49D704-CCC4-48C0-91F9-E6A3A4181FE0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3202AE-CCAB-4120-8F60-B8809C8B192F"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43030674-F9E7-483E-8F47-4B5075A480D7"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:5.5.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B6611E2-9E6A-407A-8649-874E12F12791"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C7756DB-DD6D-4A63-9214-131431F809A0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}