module
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
| Disclosed | Created |
|---|---|
| 2009-11-04 | 2018-05-30 |
Disclosed
2009-11-04
Created
2018-05-30
Description
This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service.
By sending a "ping" packet containing a long string, an attacker can execute arbitrary code.
NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order
for the vulnerable code to be reached. This state doesn't appear to be reachable when the
TSM server is not running. This service does not restart.
By sending a "ping" packet containing a long string, an attacker can execute arbitrary code.
NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order
for the vulnerable code to be reached. This state doesn't appear to be reachable when the
TSM server is not running. This service does not restart.
Author
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.