ID

VAR-201502-0228


CVE

CVE-2014-6184


TITLE

Stack-based buffer overflow vulnerability in dsmtca in the IBM Tivoli Storage Manager client running on multiple operating systems

Trust: 0.8

sources: JVNDB: JVNDB-2014-007936

DESCRIPTION

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors. Successful exploits may allow attackers to execute arbitrary code in the context of the application with root privileges. Failed exploits may result in denial-of-service conditions. IBM Tivoli Storage Manager (TSM) is a set of backup and recovery management solutions from IBM Corporation in the United States. The solution supports data protection, space management and archiving, business recovery and disaster recovery, etc. The dsmtca program in the IBM TSM client has a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability to gain privileges. The following versions on UNIX, Linux and OS X platforms are affected: IBM TSM versions 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2.0.0 through 6.2.5.3, and 6.3.0.0 through 6.3.2.2.

Trust: 1.98

sources: NVD: CVE-2014-6184 // JVNDB: JVNDB-2014-007936 // BID: 74320 // VULHUB: VHN-74127

AFFECTED PRODUCTS

vendor: ibm // model: tivoli storage manager // scope: gte // version: 5.5.0

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: lte // version: 5.4.3.6

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: gte // version: 6.3.0

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: gte // version: 6.1.0

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: lte // version: 5.5.4.3

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: lte // version: 6.2.5.3

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: lte // version: 6.3.2.2

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: gte // version: 5.4.0

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: lte // version: 6.1.5.6

Trust: 1.0

vendor: ibm // model: tivoli storage manager // scope: gte // version: 6.2.0

Trust: 1.0

vendor: ibm // model: spectrum protect // scope: eq // version: 5.5 to 5.5.4.3

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: lt // version: 6.3

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: lt // version: 6.2

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: eq // version: 6.3.2.3

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: eq // version: 5.4 to 5.4.3.6

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: eq // version: 6.2.5.4

Trust: 0.8

vendor: ibm // model: spectrum protect // scope: eq // version: 6.1 to 6.1.5.6

Trust: 0.8

vendor: ibm // model: tivoli storage manager // scope: eq // version: 6.1

Trust: 0.6

vendor: ibm // model: tivoli storage manager // scope: eq // version: 5.4

Trust: 0.6

vendor: ibm // model: tivoli storage manager // scope: eq // version: 5.5

Trust: 0.6

vendor: ibm // model: tivoli storage manager // scope: eq // version: 6.3

Trust: 0.6

vendor: ibm // model: tivoli storage manager // scope: eq // version: 6.2

Trust: 0.6

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.4

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.3

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.3.2.2

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.3.1.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.3.0.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.5.3

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.5.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.4.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.1.1

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.1.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.2.0.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.5.6

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.5.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.3.4

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.3.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 6.1.0.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.4.3

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.4.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.2.7

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.2.12

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.5.0.0

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.4.3.6

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.4.3.4

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.4.3.3

Trust: 0.3

vendor: ibm // model: tivoli storage manager client // scope: eq // version: 5.4.0.0

Trust: 0.3

sources: BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6184
value: HIGH

Trust: 1.0

NVD: CVE-2014-6184
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201502-377
value: HIGH

Trust: 0.6

VULHUB: VHN-74127
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6184
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74127
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-74127 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-74127 // JVNDB: JVNDB-2014-007936 // NVD: CVE-2014-6184

THREAT TYPE

local

Trust: 0.9

sources: BID: 74320 // CNNVD: CNNVD-201502-377

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201502-377

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007936

PATCH

title: 1695878 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21695878

Trust: 0.8

title: 6.3.2.3-TIV-TSMBAC-LinuxX86 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54036

Trust: 0.6

title: 6.2.5.4-TIV-TSMBAC-Mac // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54035

Trust: 0.6

title: 6.2.5.4-TIV-TSMBAC-LinuxX86 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54034

Trust: 0.6

title: 6.3.2.3-TIV-TSMBAC-Mac // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54037

Trust: 0.6

sources: JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377

EXTERNAL IDS

db: NVD // id: CVE-2014-6184

Trust: 2.8

db: JVNDB // id: JVNDB-2014-007936

Trust: 0.8

db: CNNVD // id: CNNVD-201502-377

Trust: 0.7

db: BID // id: 74320

Trust: 0.4

db: VULHUB // id: VHN-74127

Trust: 0.1

sources: VULHUB: VHN-74127 // BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg21695878

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg1it05707

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6184

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6184

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

sources: VULHUB: VHN-74127 // BID: 74320 // JVNDB: JVNDB-2014-007936 // CNNVD: CNNVD-201502-377 // NVD: CVE-2014-6184

CREDITS

Matthias Kaiser from Daimler TSS GmbH

Trust: 0.3

sources: BID: 74320

SOURCES

db: VULHUB // id: VHN-74127
db: BID // id: 74320
db: JVNDB // id: JVNDB-2014-007936
db: CNNVD // id: CNNVD-201502-377
db: NVD // id: CVE-2014-6184

LAST UPDATE DATE

2024-08-14T13:47:52.055000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-74127 // date: 2020-09-25T00:00:00
db: BID // id: 74320 // date: 2015-04-24T00:00:00
db: JVNDB // id: JVNDB-2014-007936 // date: 2015-02-25T00:00:00
db: CNNVD // id: CNNVD-201502-377 // date: 2020-09-27T00:00:00
db: NVD // id: CVE-2014-6184 // date: 2021-09-08T17:19:30.890

SOURCES RELEASE DATE

db: VULHUB // id: VHN-74127 // date: 2015-02-22T00:00:00
db: BID // id: 74320 // date: 2015-04-24T00:00:00
db: JVNDB // id: JVNDB-2014-007936 // date: 2015-02-25T00:00:00
db: CNNVD // id: CNNVD-201502-377 // date: 2015-02-26T00:00:00
db: NVD // id: CVE-2014-6184 // date: 2015-02-22T02:59:00.060