IBM · IBM Tivoli Storage Manager · CVE-2010-4604
**Name of the Vulnerable Software and Affected Versions**
IBM Tivoli Storage Manager (TSM) versions 5.3.x through 5.3.6.9
IBM Tivoli Storage Manager (TSM) versions 5.4.x through 5.4.3.3
IBM Tivoli Storage Manager (TSM) versions 5.5.x through 5.5.2.9
IBM Tivoli Storage Manager (TSM) versions 6.1.x through 6.1.3.0
**Description**
A stack-based buffer overflow exists in the GeneratePassword function in dsmtca. A local user can gain privileges by specifying a long LANG environment variable and then sending a request over a pipe.
**Recommendations**
For versions 5.3.x through 5.3.6.9, update to version 5.3.6.10 or later.
For versions 5.4.x through 5.4.3.3, update to version 5.4.3.4 or later.
For versions 5.5.x through 5.5.2.9, update to version 5.5.2.10 or later.
For versions 6.1.x through 6.1.3.0, update to version 6.1.3.1 or later.
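
The following triage helper is an added example, not IBM tooling or code from the original advisory. It checks installed TSM version strings against the ranges above, comparing components numerically so that 5.5.2.10 sorts after 5.5.2.9. The function names, the zero-padding of short version strings, and the sample inventory are assumptions made for illustration.

```python
# Added example: version triage for CVE-2010-4604 using the ranges on this page.
# Names are illustrative; this is not IBM code.

# branch (major, minor) -> (last affected version, first fixed version)
BRANCHES = {
    (5, 3): ((5, 3, 6, 9), (5, 3, 6, 10)),
    (5, 4): ((5, 4, 3, 3), (5, 4, 3, 4)),
    (5, 5): ((5, 5, 2, 9), (5, 5, 2, 10)),
    (6, 1): ((6, 1, 3, 0), (6, 1, 3, 1)),
}

def parse_version(text):
    """Turn '5.5.2.9' or '6.1' into a 4-tuple of ints (assumption: pad with zeros)."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised TSM version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def assess(text):
    """Return (status, first_fixed_version_or_None) for one installed version."""
    ver = parse_version(text)
    entry = BRANCHES.get(ver[:2])
    if entry is None:
        return ("not-listed", None)  # branch is not covered by this advisory
    last_affected, first_fixed = entry
    # Tuple comparison is numeric per component; a string compare would
    # wrongly rank "5.5.2.10" below "5.5.2.9".
    if ver <= last_affected:
        return ("affected", ".".join(map(str, first_fixed)))
    return ("fixed", None)

if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample data.
    inventory = {"backup01": "5.5.2.9", "backup02": "5.5.2.10",
                 "db03": "6.1", "legacy04": "5.3.6.10", "new05": "6.2.1.0"}
    for host, version in sorted(inventory.items()):
        status, fixed = assess(version)
        hint = f" -> update to {fixed} or later" if fixed else ""
        print(f"{host:10} {version:10} {status}{hint}")
```

A `not-listed` result means only that the branch does not appear in this advisory, not that the installation has been verified as safe.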