IBM Tivoli Storage Manager Express Backup Server Service (dsmsvc.exe) Packet Handling Remote Overflow

Critical Nessus Plugin ID 29997


The remote backup service is affected by a buffer overflow issue.


The version of Tivoli Storage Manager (TSM) Express installed on the remote host is prior to It is, therefore, affected by a heap-based buffer overflow vulnerability that can be triggered by a user-supplied length value. This could allow an unauthenticated attacker to run arbitrary code on the host with SYSTEM privileges.


Upgrade to TSM Express or later.

See Also

Plugin Details

Severity: Critical

ID: 29997

File Name: ibm_tsm_express_5_3_7_3.nasl

Version: $Revision: 1.16 $

Type: remote

Agent: windows

Family: Windows

Published: 2008/01/17

Modified: 2016/10/27

Dependencies: 25656

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_express

Required KB Items: installed_sw/IBM Tivoli Storage Manager

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/01/14

Reference Information

CVE: CVE-2008-0247

BID: 27235

OSVDB: 40353

CWE: 119