CVE-2009-3855 - Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (

CVE-2009-3855

Summary

Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.

References

Vulnerable Configurations

cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 18-11-2009 - 07:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

aixapar	IC54489
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21405562
secunia	32534
vupen	ADV-2009-3132

Last major update

18-11-2009 - 07:00

Published

04-11-2009 - 15:30

Last modified

18-11-2009 - 07:00