CVE-2010-3757 Information

Description

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059.

Reference

http://www.ibm.com/support/docview.wss?uid=swg21443820 http://www.securityfocus.com/archive/1/514069/100/0/threaded http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883 http://zerodayinitiative.com/advisories/ZDI-10-185/