[VIM] ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities
ZDI Disclosures
zdi-disclosures at tippingpoint.com
Tue Oct 12 18:07:35 CDT 2010
11460/tcp is correct.
-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Thursday, October 07, 2010 5:15 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities
: ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities
: http://www.zerodayinitiative.com/advisories/ZDI-10-182
: September 29, 2010
:
: The specific flaw exists within FastBackServer.exe which listens by
: default on TCP port 11460. The vulnerable function uses values directly
: from a received packet as the size and data to several memcpy calls. By
: providing crafted values this issue can lead to remote code execution
: under the context of the fastback server.
Can you confirm 11460 here? The rest of the advisories say 11406 for the port.
More information about the VIM
mailing list