Vulnerability Description
The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Storage Manager Fastback | 5.5.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21443820Vendor Advisory
- http://www.securityfocus.com/archive/1/514058/100/0/threaded
- http://zerodayinitiative.com/advisories/ZDI-10-182/
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21443820Vendor Advisory
- http://www.securityfocus.com/archive/1/514058/100/0/threaded
- http://zerodayinitiative.com/advisories/ZDI-10-182/
FAQ
What is CVE-2010-3754?
CVE-2010-3754 is a vulnerability with a CVSS score of 10.0 (HIGH). The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields ...
How severe is CVE-2010-3754?
CVE-2010-3754 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3754?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Storage Manager Fastback.