Details of VAR-201502-0228

ID

VAR-201502-0228

CVE

CVE-2014-6184

TITLE

plural OS Run on IBM Tivoli Storage Manager Client's dsmtca Vulnerable to stack-based buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-007936

DESCRIPTION

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors. Successful exploits may allow attackers to execute arbitrary code in the context of the application with root privileges. Failed exploits may result in denial-of-service conditions. IBM Tivoli Storage Manager (TSM) is a set of backup and recovery management solutions of IBM Corporation in the United States. The solution supports data protection, space management and archiving, business recovery and disaster recovery, etc. The dsmtca program in the IBM TSM client has a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability to gain privileges. The following versions are affected: IBM TSM versions 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2.0.0 through 6.2.5.3 on UNIX, Linux and OS X platforms, Version 6.3.0.0 to version 6.3.2.2

Trust: 1.98

sources: NVD: CVE-2014-6184 // JVNDB: JVNDB-2014-007936 // BID: 74320 // VULHUB: VHN-74127

AFFECTED PRODUCTS

vendor:	ibm	model:	tivoli storage manager	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	lte	version:	5.4.3.6	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	lte	version:	5.5.4.3	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	lte	version:	6.2.5.3	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	lte	version:	6.3.2.2	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	lte	version:	6.1.5.6	Trust: 1.0
vendor:	ibm	model:	tivoli storage manager	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	ibm	model:	spectrum protect	scope:	eq	version:	5.5 to 5.5.4.3	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	lt	version:	6.3	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	lt	version:	6.2	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	eq	version:	6.3.2.3	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	eq	version:	5.4 to 5.4.3.6	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	eq	version:	6.2.5.4	Trust: 0.8
vendor:	ibm	model:	spectrum protect	scope:	eq	version:	6.1 to 6.1.5.6	Trust: 0.8
vendor:	ibm	model:	tivoli storage manager	scope:	eq	version:	6.1	Trust: 0.6
vendor:	ibm	model:	tivoli storage manager	scope:	eq	version:	5.4	Trust: 0.6
vendor:	ibm	model:	tivoli storage manager	scope:	eq	version:	5.5	Trust: 0.6
vendor:	ibm	model:	tivoli storage manager	scope:	eq	version:	6.3	Trust: 0.6
vendor:	ibm	model:	tivoli storage manager	scope:	eq	version:	6.2	Trust: 0.6
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.3	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.3.2.2	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.3.1.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.3.0.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.5.3	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.5.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.4.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.1.1	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.1.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.2.0.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.5.6	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.5.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.3.4	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.3.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.4.3	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.4.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.2.7	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.2.12	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.5.0.0	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.4.3.6	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.4.3.4	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.4.3.3	Trust: 0.3
vendor:	ibm	model:	tivoli storage manager client	scope:	eq	version:	5.4.0.0	Trust: 0.3

sources: BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6184
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-6184
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201502-377
value:	HIGH
Trust: 0.6
VULHUB:	VHN-74127
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-6184
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-74127
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-74127 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-74127 // JVNDB: JVNDB-2014-007936 // NVD: CVE-2014-6184

THREAT TYPE

local

Trust: 0.9

sources: BID: 74320 // CNNVD: CNNVD-201502-377

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201502-377

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007936

PATCH

title:	1695878	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695878	Trust: 0.8
title:	6.3.2.3-TIV-TSMBAC-LinuxX86	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54036	Trust: 0.6
title:	6.2.5.4-TIV-TSMBAC-Mac	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54035	Trust: 0.6
title:	6.2.5.4-TIV-TSMBAC-LinuxX86	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54034	Trust: 0.6
title:	6.3.2.3-TIV-TSMBAC-Mac	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54037	Trust: 0.6

sources: JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6184	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-007936	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-377	Trust: 0.7
db:	BID	id:	74320	Trust: 0.4
db:	VULHUB	id:	VHN-74127	Trust: 0.1

sources: VULHUB: VHN-74127 // BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695878	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1it05707	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6184	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6184	Trust: 0.8
url:	http://www.ibm.com	Trust: 0.3

sources: VULHUB: VHN-74127 // BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

CREDITS

Matthias Kaiser from Daimler TSS GmbH

Trust: 0.3

sources: BID: 74320

SOURCES

db:	VULHUB	id:	VHN-74127
db:	BID	id:	74320
db:	JVNDB	id:	JVNDB-2014-007936
db:	CNNVD	id:	CNNVD-201502-377
db:	NVD	id:	CVE-2014-6184

LAST UPDATE DATE

2024-08-14T13:47:52.055000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-74127	date:	2020-09-25T00:00:00
db:	BID	id:	74320	date:	2015-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-007936	date:	2015-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201502-377	date:	2020-09-27T00:00:00
db:	NVD	id:	CVE-2014-6184	date:	2021-09-08T17:19:30.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-74127	date:	2015-02-22T00:00:00
db:	BID	id:	74320	date:	2015-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-007936	date:	2015-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201502-377	date:	2015-02-26T00:00:00
db:	NVD	id:	CVE-2014-6184	date:	2015-02-22T02:59:00.060