Vulnerability Details: CVE-2006-5855
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2006-5855
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5855
EPSS score: 96.41% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2006-5855
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
References for CVE-2006-5855
- http://www-1.ibm.com/support/docview.wss?uid=swg21250261 (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30699
- http://www.vupen.com/english/advisories/2006/4856
- http://www.securityfocus.com/archive/1/453544/100/0/threaded
- http://www.kb.cert.org/vuls/id/350625 (US Government Resource)
- http://www.kb.cert.org/vuls/id/887249 (US Government Resource)
- http://securitytracker.com/id?1017333
- http://www.kb.cert.org/vuls/id/478753 (US Government Resource)
- http://www.tippingpoint.com/security/advisories/TSRT-06-14.html (Vendor Advisory)
- http://www.securityfocus.com/bid/21440 (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30701
- http://securityreason.com/securityalert/1979
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347 (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30702