CVE-2010-4604

{"id": "CVE-2010-4604", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-29T18:00:03.777", "references": [{"url": "http://secunia.com/advisories/42639", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1024901", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/15745", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c", "tags": ["Broken Link", "Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/3251", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42639", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1024901", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/15745", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c", "tags": ["Broken Link", "Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/3251", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n GeneratePassword en dsmtca (tambi\u00e9n conocido como el Trusted Communications Agent o TCA) en el cliente backup-archive en IBM Tivoli Storage Manager (TSM) v5.3.x anterior a v5.3.6.10, v5.4.x anterior a v5.4.3.4, v5.5.x anterior a v5.5.2.10, y v6.1.x anterior a v6.1.3.1 sobre Unix y Linux permite a usuarios locales obtener privilegios especificando una variable de entorno LANG de gran tama\u00f1o y posteriormente enviando una petici\u00f3n sobre una tuber\u00eda (pipe)."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D495CFC-A290-4752-A53B-D5A37C714144", "versionEndIncluding": "5.3.6.7", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE1FE8D-36F2-4039-B64C-F106F9F86D93", "versionEndIncluding": "5.4.3.3", "versionStartIncluding": "5.4.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F20A7F-0BC1-4247-B4F8-F7B1BAF3E237", "versionEndIncluding": "5.5.2.7", "versionStartIncluding": "5.5.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "951E603F-D67E-4607-9D84-064BDB63BF90", "versionEndIncluding": "6.1.3", "versionStartIncluding": "6.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}