CVE-2011-1223

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/45098	Vendor Advisory
http://securitytracker.com/id?1025741
http://www.ibm.com/support/docview.wss?uid=swg1IC77052
http://www.ibm.com/support/docview.wss?uid=swg21457604
http://www.securityfocus.com/bid/48519
http://secunia.com/advisories/45098	Vendor Advisory
http://securitytracker.com/id?1025741
http://www.ibm.com/support/docview.wss?uid=swg1IC77052
http://www.ibm.com/support/docview.wss?uid=swg21457604
http://www.securityfocus.com/bid/48519

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager:4.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:25

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/45098 - Vendor Advisory~~	() http://secunia.com/advisories/45098 - Vendor Advisory
References	~~() http://securitytracker.com/id?1025741 -~~	() http://securitytracker.com/id?1025741 -
References	~~() http://www.ibm.com/support/docview.wss?uid=swg1IC77052 -~~	() http://www.ibm.com/support/docview.wss?uid=swg1IC77052 -
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21457604 -~~	() http://www.ibm.com/support/docview.wss?uid=swg21457604 -
References	~~() http://www.securityfocus.com/bid/48519 -~~	() http://www.securityfocus.com/bid/48519 -

Information

Published : 2011-07-17 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-1223

Mitre link : CVE-2011-1223

CVE.ORG link : CVE-2011-1223

JSON object : View

Products Affected

microsoft

windows

ibm

tivoli_storage_manager

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-1223", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-07-17T20:55:01.373", "references": [{"url": "http://secunia.com/advisories/45098", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025741", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/48519", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/45098", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1025741", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/48519", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funcionalidad de\r\nsecuencia de datos alternativa (ADS o Alternate Data Stream)en el cliente del archivo de copia de seguridad en IBM Tivoli Storage Manager (TSM), antes de v5.4.3.4, en v5.5.x antes de v5.5.3, en 6.x antes de v6.1.4, y en v6.2.x antes de v6.2.2 en Windows permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5842195D-451A-4BDF-8B5C-9E5C906EC738", "versionEndIncluding": "5.4.3.3"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10