cpe:/a:ibm:tivoli_storage_manager:5.3.0 cpe:/a:ibm:tivoli_storage_manager:5.3.1 cpe:/a:ibm:tivoli_storage_manager:5.3.2 cpe:/a:ibm:tivoli_storage_manager:5.3.2.4 cpe:/a:ibm:tivoli_storage_manager:5.3.3 cpe:/a:ibm:tivoli_storage_manager:5.3.4 cpe:/a:ibm:tivoli_storage_manager:5.3.5.1 cpe:/a:ibm:tivoli_storage_manager:5.3.6.1 cpe:/a:ibm:tivoli_storage_manager:5.3.6.2 cpe:/a:ibm:tivoli_storage_manager:5.3.6.3 cpe:/a:ibm:tivoli_storage_manager:5.3.6.4 cpe:/a:ibm:tivoli_storage_manager:5.3.6.5 cpe:/a:ibm:tivoli_storage_manager:5.3.6.6 cpe:/a:ibm:tivoli_storage_manager:5.4.0 cpe:/a:ibm:tivoli_storage_manager:5.4.1 cpe:/a:ibm:tivoli_storage_manager:5.4.2 cpe:/a:ibm:tivoli_storage_manager:5.4.2.2 cpe:/a:ibm:tivoli_storage_manager:5.4.2.3 cpe:/a:ibm:tivoli_storage_manager:5.4.2.4 cpe:/a:ibm:tivoli_storage_manager:5.5.0 cpe:/a:ibm:tivoli_storage_manager:5.5.1 cpe:/a:ibm:tivoli_storage_manager:5.5.2 cpe:/a:ibm:tivoli_storage_manager:6.1.0 cpe:/a:ibm:tivoli_storage_manager:6.1.1 cpe:/a:ibm:tivoli_storage_manager:6.1.2 cpe:/a:ibm:tivoli_storage_manager:6.1.3 CVE-2010-4604 2010-12-29T13:00:03.777-05:00 2011-01-04T00:00:00.000-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-12-29T15:33:00.000-05:00 SECTRACK 1024901 EXPLOIT-DB 15745 BUGTRAQ 20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root SECUNIA 42639 VUPEN ADV-2010-3251 IAVM IAVM:2011-B-0003 AIXAPAR IC65491 CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21454745 MISC http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c MISC http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.